chiark / gitweb /
~ianmdlvl / elogind.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 6295ba8)
shared/capabilities: simplify assertions about bits
authorZbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>
Wed, 4 Feb 2015 15:24:02 +0000 (10:24 -0500)
committerZbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>
Wed, 4 Feb 2015 15:27:09 +0000 (10:27 -0500)
The assert added in 7d328b5446 was wrong. Also update the comments
and make sure we don't try to shift by type size.

src/shared/capability.c patch | blob | history

diff --git a/src/shared/capability.c b/src/shared/capability.c
index 57f392a4da887228c616577f63c8b37ca8ad03b5..915ceb9d9b1a4749206bebb638a971f7dcac156c 100644 (file)
--- a/src/shared/capability.c
+++ b/src/shared/capability.c
@@ -275,10 +275,10 @@ int drop_privileges(uid_t uid, gid_t gid, uint64_t keep_capabilities) {
                         if (keep_capabilities & (1ULL << i))
                                 bits[j++] = i;
 
-                /* don't keep too many bits */
-                assert((keep_capabilities & (~1ULL << i)) == 0);
-                /* don't throw away too many bits */
-                assert(((keep_capabilities >> i) & (~1ULL >> i)) == 0);
+                /* use enough bits */
+                assert(i == 64 || (keep_capabilities >> i) == 0);
+                /* don't use too many bits */
+                assert(keep_capabilities & (1ULL << (i - 1)));
 
                 if (cap_set_flag(d, CAP_EFFECTIVE, j, bits, CAP_SET) < 0 ||
                     cap_set_flag(d, CAP_PERMITTED, j, bits, CAP_SET) < 0) {
Unnamed repository; edit this file 'description' to name the repository.