tech-kern archive


Re: O_NOACCESS?



>>> Why not use O_DIRECTORY (which is part of -current) and add that to
>>> flags?
>> Backporting that might be a better alternative.  What are its
>> semantics?
> It means the open will only succeed if the file is a directory.

Worth having, but not sufficient by itself, because it still requires
something in the low two bits, and without something like O_NOACCESS
there is nothing you can pass there that will let you open a directory
you have neither read nor write access to (even if you have search
access to it).

In a private exchange with someone else, I've determined that it
definitely needs more restrictions than I've got on it now, because
what I have lets anyone flock() anything - flock does not require FREAD
or FWRITE - and lets anyone open any device special file (for no
access, but depending on the driver that can still be substantial) and
lets anyone keep a big file from being destroyed by having an open
descriptor on, in each case requiring no more access than the ability
to name the object (i.e., search access on the containing directory and
the path leading to it).

I really should not have needed to have those pointed out to me.

My current plan is to add O_DIRECTORY as well and make O_NOACCESS work
only when combined with it.

/~\ The ASCII                             Mouse
\ / Ribbon Campaign
 X  Against HTML                mouse%rodents-montreal.org@localhost
/ \ Email!           7D C8 61 52 5D E7 2D 39  4E F1 31 3E E8 B3 27 4B
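The point made above about the low two bits can be seen on a running system. The C program below is an added illustration, not code from the thread or from NetBSD: it builds a directory with mode 0111 (search access only), shows that open() with O_RDONLY|O_DIRECTORY is refused with EACCES for an unprivileged caller (root's DAC override lets it through), that O_DIRECTORY on a regular file gives ENOTDIR, and that Linux's O_PATH, used here as the closest existing analogue of the proposed O_NOACCESS flag (an assumption, not a statement about NetBSD), opens the same directory without read or write permission. It assumes Linux with glibc; the function and path names (probe_open, make_fixture, /tmp/noaccess-demo-XXXXXX) are chosen for the example.

```c
/* Added example: why O_DIRECTORY alone is not enough, and what a
 * no-access open would buy.  Assumes Linux/glibc; O_PATH stands in for
 * the O_NOACCESS flag discussed in the post. */
#define _GNU_SOURCE 1           /* exposes O_PATH in <fcntl.h> on glibc */
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Try open(path, flags); return 0 on success (fd is closed again) or
 * the errno the kernel reported.  Nothing is read or written. */
int probe_open(const char *path, int flags)
{
    int fd = open(path, flags);
    if (fd < 0)
        return errno;
    close(fd);
    return 0;
}

/* Same probe with Linux's O_PATH: an open that grants no read/write
 * access and therefore needs none on the object itself.  Returns
 * ENOSYS where O_PATH is not available. */
int probe_open_noaccess(const char *path)
{
#ifdef O_PATH
    return probe_open(path, O_PATH | O_DIRECTORY);
#else
    (void)path;
    return ENOSYS;
#endif
}

/* Constructed fixture: base (0700) holding "sub" (mode 0111: search
 * only, neither read nor write) and "reg" (an ordinary file).
 * Returns 0 or errno.  base must have room for 64 bytes. */
int make_fixture(char *base, size_t n)
{
    static const char *templates[] = { "/tmp/noaccess-demo-XXXXXX",
                                       "./noaccess-demo-XXXXXX" };
    char path[128];
    size_t i;
    for (i = 0; i < 2; i++) {
        if (strlen(templates[i]) + 1 > n)
            return ENAMETOOLONG;
        strcpy(base, templates[i]);
        if (mkdtemp(base) != NULL)
            break;
    }
    if (i == 2)
        return errno;
    snprintf(path, sizeof path, "%s/sub", base);
    if (mkdir(path, 0111) != 0)
        return errno;
    if (chmod(path, 0111) != 0)     /* umask may have stripped bits */
        return errno;
    snprintf(path, sizeof path, "%s/reg", base);
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd < 0)
        return errno;
    close(fd);
    return 0;
}

void remove_fixture(const char *base)
{
    char path[128];
    snprintf(path, sizeof path, "%s/sub", base);
    rmdir(path);
    snprintf(path, sizeof path, "%s/reg", base);
    unlink(path);
    rmdir(base);
}

/* What O_RDONLY|O_DIRECTORY on the 0111 directory should yield:
 * root bypasses the mode bits (CAP_DAC_READ_SEARCH), others get EACCES. */
int expected_rdonly_result(void)
{
    return geteuid() == 0 ? 0 : EACCES;
}

int main(void)
{
    char base[64], sub[128], reg[128];
    if (make_fixture(base, sizeof base) != 0) {
        perror("make_fixture");
        return 1;
    }
    snprintf(sub, sizeof sub, "%s/sub", base);
    snprintf(reg, sizeof reg, "%s/reg", base);
    printf("O_RDONLY|O_DIRECTORY on a regular file : %s\n",
           strerror(probe_open(reg, O_RDONLY | O_DIRECTORY)));
    printf("O_RDONLY|O_DIRECTORY on a 0111 directory: %s\n",
           strerror(probe_open(sub, O_RDONLY | O_DIRECTORY)));
    printf("O_PATH|O_DIRECTORY   on a 0111 directory: %s\n",
           strerror(probe_open_noaccess(sub)));
    remove_fixture(base);
    return 0;
}
```

Run it as an ordinary user to see the refusal; run it as root and the O_RDONLY line succeeds, which is the DAC override rather than any property of the flag. The O_PATH line is the behaviour the post wants from O_NOACCESS combined with O_DIRECTORY, and it carries the same hazard the post lists: a descriptor that pins the object while granting no I/O on it.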

