Home Explore Help
Register Sign In
RISCI_ATOM
/
harvey
mirror of https://github.com/Harvey-OS/harvey.git
1
0
Fork 0
Files Issues 0 Wiki
Tree: 2d4f830104
Branches Tags
harvey
/
sys
/
man
/
3
/
cap

cap 2.1 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081 
  1. .TH CAP 3 
    2. 

  2. .SH NAME
    3. 

  3. cap \- capabilities for setting the user id of processes
    4. 

  4. .SH SYNOPSIS
    5. 

  5. .B bind #¤
    6. 

  6. .I dir
    7. 

  7. .nf
    8. 

  8. 

  9. .IB dir /caphash
    10. 

  10. .IB dir /capuse
    11. 

  11. .fi
    12. 

  12. .SH DESCRIPTION
    13. 

  13. .PP
    14. 

  14. This device enables a trusted process to
    15. 

  15. create a capability that another process
    16. 

  16. may then use to change its user id.  The intent is to allow
    17. 

  17. server processes, for example
    18. 

  18. .B telnetd
    19. 

  19. (see
    20. 

  20. .IR ipserv (8)),
    21. 

  21. to change their user id after having proved
    22. 

  22. to a trusted process, such as
    23. 

  23. .IR factotum (4),
    24. 

  24. that they are indeed executing
    25. 

  25. on behalf of a user.
    26. 

  26. A trusted process is one running with the user id
    27. 

  27. of the host owner (see
    28. 

  28. .B /dev/hostowner
    29. 

  29. in
    30. 

  30. .IR cons (3)).
    31. 

  31. .PP
    32. 

  32. A capability is a null terminated string consisting of the concatenation of
    33. 

  33. an old user name, an ``@'', a new user name, an ``@'', and a string of randomly
    34. 

  34. generated characters called the key.
    35. 

  35. The trusted process enables the kernel to authenticate
    36. 

  36. capabilities passed to it by writing to
    37. 

  37. .I caphash
    38. 

  38. a secure hash of the capability.
    39. 

  39. The hash is 20 bytes long and generated by the following call:
    40. 

  40. .EX
    41. 

  41. 

  42. 	hmac_sha1(old_at_new, strlen(old_at_new), key, strlen(key),
    43. 

  43. 		hash, nil);
    44. 

  44. 

  45. .EE
    46. 

  46. The kernel maintains a list of hashes, freeing them after the
    47. 

  47. corresponding capability is used or after a minute has passed
    48. 

  48. since the write to
    49. 

  49. .IR caphash .
    50. 

  50. .PP
    51. 

  51. The trusted process may then pass the capability to any process
    52. 

  52. running as the old user.  That process may then
    53. 

  53. use the capability to change identity to the new user.
    54. 

  54. A process uses a capability by writing it to
    55. 

  55. .IR capuse .
    56. 

  56. The kernel computes the same hash using the supplied capability
    57. 

  57. and searches its list of hashes for a match.  If one is found,
    58. 

  58. the kernel sets the process's user id to that in the capability.
    59. 

  59. .SH SOURCE
    60. 

  60. .B /sys/src/9/port/devcap.c
    61. 

  61. .SH "SEE ALSO"
    62. 

  62. .IR sechash (2)
    63. 

  63. .SH DIAGNOSTICS
    64. 

  64. .PP
    65. 

  65. Errors generated by reading and writing
    66. 

  66. .I caphash
    67. 

  67. and
    68. 

  68. .I capuse
    69. 

  69. can be obtained using
    70. 

  70. .IR errstr (2).
    71. 

  71. A read of
    72. 

  72. .I caphash
    73. 

  73. with a length of less than 20
    74. 

  74. or a write to
    75. 

  75. .I capuse
    76. 

  76. that doesn't contain two @ characters
    77. 

  77. generates the error ``read or write too small''.
    78. 

  78. A write to
    79. 

  79. .I capuse
    80. 

  80. that has no matching hash generates the error
    81. 

  81. ``invalid capability''.
    82.