Re: Should kqueue descriptors work outsid of the creating process?

[Mouse <mouse%Rodents-Montreal.ORG@localhost>]

> Recently we found out (PR kern/46463) that kqueue() file descriptors,
> which originaly were designed to be "local process only" objects,
> could be passed with SCM_RIGHTS messages to other processes.  [...]

> I propose to not allow sending kqueue file descriptors [...]

> Or are there any legit uses for "foreign" kqueue()s?

It seems to me, for what it may be worth, that this is asking the
wrong question.  Rather, I would ask whether there are illegitimate
uses for `foreign' kqueue descriptors, and, if not, fix them to be
passable like any other descriptors.

It's certainly possible there are such uses we want to forbid.  I don't
know kqueue well enough to address that point myself.  But your post
doesn't give any particular reason to think there are.

> I don't see any, the alien process could just create its own kqueue()
> and add the same events instead of passing the filedescriptor over.

The same argument could be applied to descriptors on /dev/null, too,
but we don't forbid passing them.

That's a somewhat silly analogy, but I think at its core it's basically
my argument: we shouldn't forbid things by default, and "there are
other ways to accomplish the same effects" isn't reason enough to
prohibit something.

/~\ The ASCII                             Mouse
\ / Ribbon Campaign
 X  Against HTML                mouse%rodents-montreal.org@localhost
/ \ Email!           7D C8 61 52 5D E7 2D 39  4E F1 31 3E E8 B3 27 4B