< May 2008 >
     1 2 3
4 5 6 7 8 910
Tue, 06 May 2008:

For most of April, I've been on the road. Late night rides all around town, through inner ring road and cubbon, chugging along on my new bike. The weather's been brilliant and I was out, just cruising along the roads, like in a dream.

Yup, I went and splurged on a brand spanking new Royal Enfield Thunderbird. Full 350 cc, 18 BHP of raw petrol power, purring along like a kitten at full throttle, but whisper quiet in idle. For such a heavy bike, it is surprisingly easy to handle, taking bottom heavy curves on turns and excellent stability at speeds. The bike's behaved pretty well so far, the first full tank of petrol lasted me for around 600 Kms. And for once, I'm actually riding a bike made for someone six feet plus. In short, I love it.

The nights are long and the roads are empty
The world's sleeping and nobody's watching
And the wind whispered to me; keep on driving.

If you worried about falling off the bike, you’d never get on.
         -- Lance Armstrong

posted at: 20:20 | path: /hardware | permalink | Tags: ,

There's a certain cultural bankruptcy which shows itself in sequels. It indicates, that you're reduced to imitating yourself. But this isn't that kind of a sequel. No, not the kind where there are T Rexes in the city, trying to make a living drawing cartoons or Arnie switching from ammo boxes to ballots. This is the kind which gives a New Hope.

Yesterday, I had an outpouring of hate against the linux capability model. But the problem turned out to be that setuid resets all the capabilites. In hindsight that makes a lot of sense, but didn't even strike until the kernel people (y! has those too) got involved (and I didn't RTFM).

Enter Prctl: The solution was to use the prctl() call with PR_SET_KEEPCAPS to ensure that the capabilities are not discarded when the effective user-id of a process is changed. But, even then, only the CAP_PERMITTED flags are retained and the CAP_EFFECTIVE are masked to zeros.

So, with the prctl call and another cap_set_proc to reset CAP_EFFECTIVE, it was on a roll. Here's the patch on top of unnice.c.

 #include <sys/resource.h>
+#include <sys/prctl.h>;
@@ -26,12 +27,14 @@

+       prctl(PR_SET_KEEPCAPS, 1, 0, 0, 0);

        /* child */
        if(setuid(nobody_uid) < 0)
+       cap_set_proc(lcap);

        if(setpriority(PRIO_PROCESS, 0, getpriority(PRIO_PROCESS, 0) - 1) < 0)

Thus concludes this adventure and hope that this blog entry serves as warning of things to come. Watch this space for more Tales! Of! INTEREST!.

Only great masters of style can succeed in being obtuse.

posted at: 18:34 | path: /php | permalink | Tags: , ,