[RFC PATCH V2 2/4] capabilities: invert logic for clarity

[RFC PATCH V2 0/4] capabilities: do not audit log BPRM_FCAPS on set*id · Richard Guy Briggs <hidden> · 2017-05-11
[RFC PATCH V2 1/4] capabilities: use macros to make the logic easier to follow and verify · Richard Guy Briggs <hidden> · 2017-05-11
[RFC PATCH V2 1/4] capabilities: use macros to make the logic easier to follow and verify · serge@hallyn.com (Serge E. Hallyn) · 2017-05-12
[RFC PATCH V2 1/4] capabilities: use macros to make the logic easier to follow and verify · Richard Guy Briggs <hidden> · 2017-05-12
[RFC PATCH V2 1/4] capabilities: use macros to make the logic easier to follow and verify · serge@hallyn.com (Serge E. Hallyn) · 2017-05-12
[RFC PATCH V2 2/4] capabilities: invert logic for clarity · Richard Guy Briggs <hidden> · 2017-05-11
[RFC PATCH V2 3/4] capabilities: fix logic for effective root or real root · Richard Guy Briggs <hidden> · 2017-05-11
[RFC PATCH V2 4/4] capabilities: auit log other surprising conditions · Richard Guy Briggs <hidden> · 2017-05-11
[RFC PATCH V2 0/4] capabilities: do not audit log BPRM_FCAPS on set*id · paul@paul-moore.com (Paul Moore) · 2017-06-02
[RFC PATCH V2 0/4] capabilities: do not audit log BPRM_FCAPS on set*id · Richard Guy Briggs <hidden> · 2017-06-02
[RFC PATCH V2 0/4] capabilities: do not audit log BPRM_FCAPS on set*id · paul@paul-moore.com (Paul Moore) · 2017-06-02

STALE3286d

Revisions (19)

2017-05-11 v2 current
2017-08-23 v3 [diff vs current]
2017-08-24 v3 [diff vs current]
2017-08-24 v3 [diff vs current]
2017-08-24 v3 [diff vs current]
2017-08-24 v3 [diff vs current]
2017-08-24 v3 [diff vs current]
2017-08-25 v3 [diff vs current]
2017-08-25 v3 [diff vs current]
2017-08-25 v3 [diff vs current]
2017-08-28 v3 [diff vs current]
2017-08-28 v3 [diff vs current]
2017-09-01 v3 [diff vs current]
2017-09-02 v3 [diff vs current]
2017-09-04 v3 [diff vs current]
2017-09-05 v3 [diff vs current]
2017-09-05 v4 [diff vs current]
2017-09-07 v4 [diff vs current]
2017-10-12 v5 [diff vs current]

From: Richard Guy Briggs <hidden>
Date: 2017-05-11 20:42:41
Subsystem: capabilities, security subsystem, the rest · Maintainers: Serge Hallyn, Paul Moore, James Morris, "Serge E. Hallyn", Linus Torvalds

The way the logic was presented, it was awkward to read and verify.  Invert the
logic using DeMorgan's Law to be more easily able to read and understand.

Signed-off-by: Richard Guy Briggs <redacted>
---
 security/commoncap.c |    2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

diff --git a/security/commoncap.c b/security/commoncap.c
index 9520f0a..664d6a5 100644
--- a/security/commoncap.c
+++ b/security/commoncap.c

@@ -608,7 +608,7 @@ int cap_bprm_set_creds(struct linux_binprm *bprm)
 	 * Number 1 above might fail if you don't have a full bset, but I think
 	 * that is interesting information to audit.
 	 */
-	if (pESET && (!pEALL || !EROOT || !RROOT || !SROOT) ) {
+	if (pESET && !(pEALL && EROOT && RROOT && SROOT) ) {
 		ret = audit_log_bprm_fcaps(bprm, new, old);
 		if (ret < 0)
 			return ret;

-- 
1.7.1

--
To unsubscribe from this list: send the line "unsubscribe linux-security-module" in
the body of a message to majordomo at vger.kernel.org
More majordomo info@ http://vger.kernel.org/majordomo-info.html

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help