Subject: Re: Addition to force open to open only regular files
To: None <tech-kern@netbsd.org>
From: Greg A. Woods <woods@weird.com>
List: tech-kern
Date: 11/15/2000 20:15:20
[ On Sunday, November 12, 2000 at 14:35:34 (-0700), Warner Losh wrote: ]
> Subject: Re: Addition to force open to open only regular files 
>
> Right.  That's why you really need to be able to drop privs, open the
> file, raise the privs.  Anything that doesn't allow this will be
> doomed to failure.

Well, sort of.  Doing this requires a fork() to be safe, particularly if
the process is running as the superuser, and this implies either doing
really tricky stuff with multiple opens and stats (as I do in Smail), or
passing the file descriptor back to the privileged parent process by
some means.

-- 
							Greg A. Woods

+1 416 218-0098      VE3TCP      <gwoods@acm.org>      <robohack!woods>
Planix, Inc. <woods@planix.com>; Secrets of the Weird <woods@weird.com>