tech-kern archive


Re: core statement on fexecve, O_EXEC, and O_SEARCH



> This system call embodies a fairly fundamental shift away from the
> Unix model that object permissions are checked when you get a handle
> to an object -- not when you use that handle.

Actually, I think that's true only of file descriptors.  I'm having
trouble thinking of any other case where permissions are checked at
handle create rather than at use.  For example, if you chdir(), then
you still need search access when you do lookups (in this case access
is checked at both times).  When you read/write a tty, SIGTTIN/SIGTTOU
checking takes place with respect to process groups at time of
read/write, not time of open.  kill(2) checks UIDs at time of calling
kill(), not time of your getting the PID of the target.  To name just
three examples.

Indeed, I think file descriptors are the odd ones out here, not the
other way around.

/~\ The ASCII                             Mouse
\ / Ribbon Campaign
 X  Against HTML                mouse%rodents-montreal.org@localhost
/ \ Email!           7D C8 61 52 5D E7 2D 39  4E F1 31 3E E8 B3 27 4B
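
The file-descriptor and chdir() cases contrasted in the message above, as an added example that is not part of the original post. It assumes a POSIX system, a writable /tmp and an unprivileged user (root bypasses the mode bits); the function names are hypothetical.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Descriptor case: access is checked at open time only. Returns 1 if a read
 * through an already-open fd still works after the file's mode becomes 000. */
int fd_read_after_chmod(void)
{
    char path[] = "/tmp/fdcheckXXXXXX";   /* constructed scratch file */
    char buf[4];
    int fd = mkstemp(path);               /* opened read/write, mode 0600 */
    if (fd < 0) return -1;
    int ok = write(fd, "data", 4) == 4 && fchmod(fd, 0) == 0
             && pread(fd, buf, sizeof buf, 0) == 4;
    close(fd);
    unlink(path);
    return ok;
}

/* chdir() case: search access is needed again at every relative lookup.
 * Returns errno from stat("f") after the cwd loses its search bit
 * (0 if the lookup succeeded, -1 on setup failure). */
int lookup_after_dir_chmod(void)
{
    char dir[] = "/tmp/cwdcheckXXXXXX";   /* constructed scratch directory */
    char file[64];
    struct stat st;
    int err = 0, old = open(".", O_RDONLY);
    if (old < 0 || mkdtemp(dir) == NULL) return -1;
    snprintf(file, sizeof file, "%s/f", dir);
    int fd = open(file, O_CREAT | O_WRONLY, 0600);
    if (fd < 0 || close(fd) != 0 || chdir(dir) != 0 || chmod(dir, 0) != 0)
        return -1;
    if (stat("f", &st) != 0) err = errno; /* checked at use, not at chdir() */
    if (chmod(dir, 0700) != 0 || fchdir(old) != 0) err = -1;
    close(old);
    unlink(file);
    rmdir(dir);
    return err;
}

int main(void)
{
    printf("fd read after chmod 000 ok: %d\n", fd_read_after_chmod());
    printf("stat(\"f\") after cwd chmod 000: errno %d\n", lookup_after_dir_chmod());
    return 0;
}
```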

