Re: Should kqueue descriptors work outsid of the creating process?

To: Matthew Mondor <mm_lists%pulsar-zone.net@localhost>, tech-kern%NetBSD.org@localhost
Subject: Re: Should kqueue descriptors work outsid of the creating process?
From: jnemeth%victoria.tc.ca@localhost (John Nemeth)
Date: Sat, 2 Jun 2012 04:07:11 -0700

On Oct 21,  9:16am, Matthew Mondor wrote:
} On Thu, 31 May 2012 10:38:38 -0400 (EDT)
} Mouse <mouse%Rodents-Montreal.ORG@localhost> wrote:
} 
} > > Recently we found out (PR kern/46463) that kqueue() file descriptors,
} > > which originaly were designed to be "local process only" objects,
} > > could be passed with SCM_RIGHTS messages to other processes.  [...]
} > 
} > > I propose to not allow sending kqueue file descriptors [...]
} > 
} > > Or are there any legit uses for "foreign" kqueue()s?
} > 
} > It seems to me, for what it may be worth, that this is asking the
} > wrong question.  Rather, I would ask whether there are illegitimate
} > uses for `foreign' kqueue descriptors, and, if not, fix them to be
} > passable like any other descriptors.
} 
} It's true that it's normally the parent's reponsibility to decide which
} FDs to close or set close-on-exec before fork(2)... Was there a design
} decision not to inherit kqueue descriptors for security or complexity
} reasons?
} 
} Since signals, signal mask, signal stack and restart/interrupt flags
} are also inherited according to sigaction(2), probably that an
} EVFILT_SIGNAL filter would still be valid...
} 
} But how about EVFILT_TIMER?  timer_create(2) timers are not inherited,
} setitimer(2) doesn't specify, but it also uses the same ptimers pool
} timer_create(2) uses.  EVFILT_TIMER apears to use its own system though.
} 
} For EVFILT_PROC, it appears to be for the specified process, so I guess
} it might still work if inherited?
} 
} And there also EVFILT_VNODE... who knows what other filters might be
} added in the future?
} 
} What I can see is that the implications of inheriting this special
} descriptor are quite more complex than for normal FDs...  Which makes
} me think that it very well could be a design decision not to inherit
} these, in which case I don't object to also prevent passing it via
} SCM_RIGHTS ancillary message.

    Although, I don't know much about kqueue, I disagree with this.
Passing kqueue FDs via fork could be considered an oversight,
especially since they don't normally get inherited.  However, passing
them via SCM_RIGHTS is a very deliberate action.  We should assume that
any application doing this knows what it is doing.

}-- End of excerpt from Matthew Mondor

References:
- Re: Should kqueue descriptors work outsid of the creating process?
  - From: Matthew Mondor

Prev by Date: Re: Rump FS throughput
Next by Date: Re: Rump FS throughput
Previous by Thread: Re: Should kqueue descriptors work outsid of the creating process?
Next by Thread: kern/46494 (cgd on 4K sector disk)
Indexes:

Home | Main Index | Thread Index | Old Index