Re: Suggestion for a new system call: convert file handle to a cookie for transfering file handles between processes.)

From: Ingo Oeser (
Date: Mon Jul 21 2003 - 14:31:44 EST

On Mon, Jul 21, 2003 at 01:27:06PM -0400, Jan Harkes wrote:
> - Refcounting issues, a rogue application can quickle use up kernel
> resources by requesting thousands of cookies, he isn't even limited by
> per-process resource limits, as it is possible to open a file, grab a
> cookie, and close the file. The only 'solution' you have is a timeout
> on the cookie, possibly this could be extended by some scheme where
> cookies are dropped more agressivly. But any such solution will either
> not be sufficient to protect the system from resource exhaustion or
> provide the opportunity for denial of service attacks.

Best of all: How big you make the number, doesn't matter: You can
always guess such numbers as a local attacker. If not now, then
in some years (want to recompile all existing applications then?).

cmsg(SCM_RIGHTS) is the much better solution, if you really have
processes, which are neither a sibling nor a parent/child

And it's also ugly enough ;-)


Ingo Oeser
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to
More majordomo info at
Please read the FAQ at

This archive was generated by hypermail 2b29 : Wed Jul 23 2003 - 22:00:45 EST