Subject: Re: filehandles
To: Jaromir Dolecek <dolecek@ics.muni.cz>
From: Simon Burge <simonb@netbsd.org>
List: tech-userlevel
Date: 12/06/1999 00:23:54
Jaromir Dolecek wrote:

> Simon Burge wrote:
> > It looks like file handles should be unique (right?) but you can't get
> > a filehandle unless you are root.  Is this restriction because of the
> > directory access check bypass?  If so maybe when getfh() is run as
> > non-root we could do the full directory access check.  Or is there a
> > more sinister reason not to give out file handles to non-root processes?
> 
> The problem here is not getfh(), the problem is the other filehandle
> routines. If you give them any random number as the filehandle, they
> would try to do their stuff without any checking if the filehandle
> has been previously returned from a getfh() call. So given you know
> the filehandle of the file you want to access, you don't need
> to call getfh() at all - so you can bypass the directory permissions.

I must be missing something really obvious here - don't the other
filehandle routines also require root privs, so it's not as if a
user process can do anything with a filehandle?  Why does getting a
filehandle require root as well?

Simon.
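
The directory-permission point raised in the quoted reply, as an added example that is not part of the original message and is not NetBSD code: a toy Python model contrasting a path-based open with a handle-based open. `Inode`, `open_by_path`, `open_by_handle`, the `require_root` flag and the sample tree are all constructed for illustration, and the handle is simplified to a bare inode number.

```python
# Toy model (constructed, not NetBSD kernel code) of path lookup vs. handle lookup.
from dataclasses import dataclass, field

@dataclass
class Inode:
    ino: int
    owner: int
    mode: int                                      # Unix permission bits, e.g. 0o700
    children: dict = field(default_factory=dict)   # name -> Inode (directories only)
    data: bytes = b""

def allowed(node, uid, bit):
    """bit: 4 = read, 1 = search. Root (uid 0) passes every check."""
    if uid == 0:
        return True
    shift = 6 if uid == node.owner else 0   # owner bits or "other" bits; groups omitted
    return bool((node.mode >> shift) & bit)

def open_by_path(root, path, uid):
    """Normal open(): search permission is checked on every directory walked."""
    node = root
    for name in path.strip("/").split("/"):
        if not allowed(node, uid, 1):
            raise PermissionError(f"search denied on directory inode {node.ino}")
        node = node.children[name]
    if not allowed(node, uid, 4):
        raise PermissionError("read denied on file")
    return node.data

def open_by_handle(table, handle, uid, require_root=True):
    """Handle-based open: goes straight to the inode, so no directory is walked.
    The handle is not compared against anything a getfh() call issued earlier."""
    if require_root and uid != 0:
        raise PermissionError("filehandle routines are root-only")
    node = table[handle]
    if not allowed(node, uid, 4):
        raise PermissionError("read denied on file")
    return node.data

# Constructed sample tree: /private (mode 0700, uid 100) holds notes (mode 0644).
notes = Inode(ino=3, owner=100, mode=0o644, data=b"secret")
private = Inode(ino=2, owner=100, mode=0o700, children={"notes": notes})
root = Inode(ino=1, owner=0, mode=0o755, children={"private": private})
inode_table = {n.ino: n for n in (root, private, notes)}   # handle == inode number here
```

With `require_root=False`, uid 200 reads `notes` through handle 3 even though the path walk stops at `/private`; with the default root-only check the same call is refused.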