Bug 213375 - cap_copy_*() backwards and forwards compatibility
Summary: cap_copy_*() backwards and forwards compatibility
Status: RESOLVED CODE_FIX
Alias: None
Product: Tools
Classification: Unclassified
Component: libcap (show other bugs)
Hardware: All Linux
: P1 normal
Assignee: Andrew G. Morgan
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2021-06-09 02:58 UTC by Andrew G. Morgan
Modified: 2021-06-19 20:26 UTC (History)
0 users

See Also:
Kernel Version: n/a
Subsystem:
Regression: No
Bisected commit-id:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description Andrew G. Morgan 2021-06-09 02:58:55 UTC 
The cap_copy_int() function is quite permissive when reading externalized capabilities, but the cap_copy_ext() hard codes the size. It seems as if they could both be more flexible when the raised capabilities are all in the lower bits.

That is, when libcap (v1) only supported 32-bit capabilities, it exported them with 3*4 byte vectors. These external vectors could be imported when applied on 64-bit capable systems. But the other direction (exported from 64-bit) was not supported even when only the first 32-capability bits were being used.

While we are not yet close to expanding beyond 64 bits, I'd like to avoid this issue recurring.
Comment 1 Andrew G. Morgan 2021-06-09 05:12:15 UTC 
It turns out that the Go functions cap.Import() and cap.Export() already work this way.

That being said, in case anyone is using the libcap C functions and depends on their current behavior, I'm going to preserve cap_copy_ext() behavior for current external representations. All of the libcap/cap (Go) and libcap (C) functions interoperate on external data.
Note You need to log in before you can comment on or make changes to this bug.