Subject: Re: Addition to force open to open only regular files
To: NetBSD Kernel Technical Discussion List <tech-kern@netbsd.org>
From: Warner Losh <imp@village.org>
List: tech-kern
Date: 11/17/2000 17:40:01
In message <20001117223759.3D3874@proven.weird.com> Greg A. Woods writes:
: I don't think O_REG_ONLY, O_RGONLY, or whatever will solve the problem
: sufficiently.  It works now, today, with devices, but as someone's
: already mentioned, what about symlinks (I don't recall seeing a real
: answer to that question yet).

It will allow the fstat after the open to decide if the file is
readable or not.  At least that's the theory.  It will also allow one
to know if the symlink race was tried.  It will also allow you to not
open the devices that might have side effects.

: > Also, there's a desire to do something which we can add to 1.5. It's too
: > late for 1.5 itself, but it's easier to add an open flag to 1.5.1 than a
: > new system call.
: 
: If it's deemed safe to use this kind of test to determine if a process
: is running set-ID:
: 
: 	if ((geteuid() == getuid()) && (getegid() == getgid())) {
: 		/* process is not running set-ID */
: 	}
: 
: then I'd say throw that in to the resolver code around the code that
: implements $HOSTALIASES (and maybe $LOCALDOMAIN), and that'll be it.

That's not safe.  That's the whole reason for the issetuid() system
call.  If the process does a setuid(geteuid()) early, then this test
will fail to properly exclude things.

Warner
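As an added illustration (not part of the thread), here is a small C model of a process's credentials that shows why the real-vs-effective comparison quoted above stops reporting "set-ID" once the program has called setuid(geteuid()), while the sticky answer an issetugid(2)-style call gives survives. The struct, the helper functions and the BSD-style setuid semantics (all three uids are replaced on success) are this example's own assumptions; the set-uid exec is simulated rather than performed, and only the uid half of the check is modelled.

```c
#include <stdbool.h>
#include <stdio.h>
#include <sys/types.h>

/* Constructed model of a process's user credentials (uid half only). */
struct cred {
    uid_t ruid, euid, svuid;
    bool exec_was_setid;   /* sticky fact the kernel can remember, as issetugid() reports */
};

/* Simulate exec of a file owned by file_owner: a set-uid exec leaves the
 * real uid alone and makes the effective and saved uid the owner's. */
struct cred model_exec(uid_t caller_uid, uid_t file_owner, bool setuid_bit)
{
    uid_t e = setuid_bit ? file_owner : caller_uid;
    struct cred c = { caller_uid, e, e, e != caller_uid };
    return c;
}

/* BSD-style setuid(): permitted for root, or when uid is the real or saved
 * uid; on success ALL THREE uids become uid, which is what defeats the test. */
int model_setuid(struct cred *c, uid_t uid)
{
    if (c->euid != 0 && uid != c->ruid && uid != c->svuid)
        return -1;                       /* EPERM in the real kernel */
    c->ruid = c->euid = c->svuid = uid;
    return 0;
}

/* The check from the quoted message: "set-ID iff effective != real". */
bool naive_is_setid(const struct cred *c) { return c->euid != c->ruid; }

/* What an issetugid()-style call answers: was this image exec'd set-ID? */
bool sticky_is_setid(const struct cred *c) { return c->exec_was_setid; }

int main(void)
{
    struct cred c = model_exec(1000, 0, true);   /* user 1000 runs a set-uid-root binary */
    printf("after exec:   naive=%d sticky=%d\n", naive_is_setid(&c), sticky_is_setid(&c));
    model_setuid(&c, c.euid);                    /* the early setuid(geteuid()) */
    printf("after setuid: naive=%d sticky=%d\n", naive_is_setid(&c), sticky_is_setid(&c));
    return 0;
}
```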