Subject: Re: How to resolve the filename(s) for a vnode?
To: None <tech-kern@NetBSD.org>
From: der Mouse <mouse@Rodents.Montreal.QC.CA>
List: tech-kern
Date: 10/19/2005 19:30:06
>> For access checks, [...]. I think it would be better to have
>> something like the fh*() family of syscalls for this purpose
> Opening directly by file handle using fhopen(2) has problems.
> Notably: In Unix, restricting the permissions of a common parent in
> the directory hierarchy effectively restricts the permissions
> underneath that common parent, because people can't traverse the
> common parent to get to the children.
Yes. But note that for calls that involve a path walk, I was
recommending using the path which is already at hand. Something
fh*()-like was only for calls which don't involve paths, and for those,
you must already have access to the vnode anyway, so performing checks
based on a path walk is inappropriate. After all, if you open a file
and then, while it's open, protect the path, it doesn't prevent you
from accessing the file as long as you keep it open.
/~\ The ASCII der Mouse
\ / Ribbon Campaign
X Against HTML mouse@rodents.montreal.qc.ca
/ \ Email! 7D C8 61 52 5D E7 2D 39 4E F1 31 3E E8 B3 27 4B