Subject: Re: Silly (?) new ideas
To: None <rhialto@mbfys.kun.nl>
From: Bill Sommerfeld <sommerfeld@orchard.medford.ma.us>
List: current-users
Date: 03/29/1994 11:40:12
Neat idea.

The security implications of this are, umm, interesting.

/proc/<pid>/fd should certainly be mode 700 to prevent spying on other
user's processes.

The correct behavior in the presence of setuid would be hard to work
out since some of the fd's might only have been accessible under the
original permissions while others are accessible only under the new
permissions..

   (either by copying stuff over the
    vnode of newfd, or by changing all references, whichever is easier).

"copying stuff over the vnode" is just plain wrong because of the way
that vnodes are shared and cached; being easier has nothing to do with
it.

							- Bill

------------------------------------------------------------------------------