Re: Idea: flink() and anon_open()

Jeremy Fitzhardinge (jeremy@zip.com.au)
Fri, 13 Mar 1998 10:29:07 +1100

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Roland Steinbach: "Re: [OFFTOPIC]: Linux is losing to Macs in the RC5 effort!"
Previous message: Chris Wedgwood: "Re: Swap area: why not more than 128M each?"
Maybe in reply to: Zack Weinberg: "Idea: flink() and anon_open()"

Albert D. Cahalan wrote:
> How is that worse than fchmod() on the file descriptor?
> If you own the inode, you can change the permission AFAIK.
> If you don't own the inode, getting a filename won't help you.

That's not the issue. If you open a file O_RDONLY and pass the fd off
to someone else (say, a subprocess running with the same credentials),
all they can do is read the file. If the file also exists in the
namespace, they can reopen it O_RDWR and modify the file. If flink()
exists, they can create their own name and open it with whatever mode
they like. This would break code which assumes that if it passes off a
RO file descriptor, that it will always be RO.

Naturally you can still fchmod the file, but if you're talking about the
case of an anonymous temp file, it doesn't matter what the permissions
are once its open and has no name.

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu

Next message: Roland Steinbach: "Re: [OFFTOPIC]: Linux is losing to Macs in the RC5 effort!"
Previous message: Chris Wedgwood: "Re: Swap area: why not more than 128M each?"
Maybe in reply to: Zack Weinberg: "Idea: flink() and anon_open()"