From 9fd51e9b0ad33a89a83fdbbb66bd20d85f7893fb Mon Sep 17 00:00:00 2001 From: Roland McGrath Date: Fri, 4 Feb 2000 03:21:18 +0000 Subject: Import of Linux 2.2.12 subset (ipv4 stack and related) --- pfinet/linux-src/include/linux/securebits.h | 30 +++++++++++++++++++++++++++++ 1 file changed, 30 insertions(+) create mode 100644 pfinet/linux-src/include/linux/securebits.h (limited to 'pfinet/linux-src/include/linux/securebits.h') diff --git a/pfinet/linux-src/include/linux/securebits.h b/pfinet/linux-src/include/linux/securebits.h new file mode 100644 index 00000000..1e10badc --- /dev/null +++ b/pfinet/linux-src/include/linux/securebits.h @@ -0,0 +1,30 @@ +#ifndef _LINUX_SECUREBITS_H +#define _LINUX_SECUREBITS_H 1 + +#define SECUREBITS_DEFAULT 0x00000000 + +extern unsigned securebits; + +/* When set UID 0 has no special privileges. When unset, we support + inheritance of root-permissions and suid-root executablew under + compatibility mode. We raise the effective and inheritable bitmasks + *of the executable file* if the effective uid of the new process is + 0. If the real uid is 0, we raise the inheritable bitmask of the + executable file. */ +#define SECURE_NOROOT 0 + +/* When set, setuid to/from uid 0 does not trigger capability-"fixes" + to be compatible with old programs relying on set*uid to loose + privileges. When unset, setuid doesn't change privileges. */ +#define SECURE_NO_SETUID_FIXUP 2 + +/* Each securesetting is implemented using two bits. One bit specify + whether the setting is on or off. The other bit specify whether the + setting is fixed or not. A setting which is fixed cannot be changed + from user-level. */ + +#define issecure(X) ( (1 << (X+1)) & SECUREBITS_DEFAULT ? \ + (1 << (X)) & SECUREBITS_DEFAULT : \ + (1 << (X)) & securebits ) + +#endif /* !_LINUX_SECUREBITS_H */ -- cgit v1.2.3