Dirk Engling <erdge...@erdgeist.org> writes:
> you may have a wrong understanding of what the difference between a file
> and its names is. The moment you open a file, the system call checks the
> permissions and if you are allowed to read the file, returns another
> name for your file, the fd.

Descriptors aren't names.  Names are just labels; descriptors are live
objects which tie processes to vnodes or sockets.

> If you change permissions on the file name in the file system, your file
> descriptor is not affected. The overhead for chasing changes in your
> directory structure (and nothing else is changing permissions) on every
> read() system call would just not be bearable.

It would be quite trivial, actually, but not desirable.  The way it
works now allows privileged processes to pass descriptors to restricted
files to unprivileged processes, or to drop privileges before operating
on them.

DES
-- 
Dag-Erling Smørgrav - d...@des.no
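The point made in this exchange, that permissions are checked at open() time and later changes to the name (chmod, unlink) do not affect a descriptor already held, can be observed directly. The following C program is an added illustration and is not code from either poster: it creates a scratch file under /tmp (path chosen by mkstemp, content is a constructed string), holds a read-only descriptor on it, then strips all permission bits and finally removes the name, reading through the held descriptor after each step and attempting a fresh open() for comparison. The struct and function names are this example's own.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Constructed sample content written to the scratch file. */
const char demo_payload[] = "constructed sample content\n";

struct demo_result {
    ssize_t bytes_read_after_chmod;    /* read() via the held fd after chmod 000 */
    int     reopen_errno_after_chmod;  /* errno from a fresh open() after chmod 000; 0 if it succeeded */
    ssize_t bytes_read_after_unlink;   /* read() via the held fd after the name is gone */
    int     reopen_errno_after_unlink; /* errno from a fresh open() after unlink; 0 if it succeeded */
};

/* Try a fresh open(path, O_RDONLY); return 0 on success, else errno. */
static int try_reopen(const char *path) {
    int t = open(path, O_RDONLY);
    if (t < 0)
        return errno;
    close(t);
    return 0;
}

/* Returns 0 on success and fills *r; returns -1 if the scratch file could not be set up. */
int run_demo(struct demo_result *r) {
    char path[] = "/tmp/fd-demo-XXXXXX";
    char buf[64];
    size_t len = strlen(demo_payload);

    memset(r, 0, sizeof *r);

    int wfd = mkstemp(path);
    if (wfd < 0)
        return -1;
    if (write(wfd, demo_payload, len) != (ssize_t)len) {
        close(wfd);
        unlink(path);
        return -1;
    }
    close(wfd);

    /* This is the descriptor we hold across the changes; the permission
     * check on the name happens here, once, and not on later reads. */
    int rfd = open(path, O_RDONLY);
    if (rfd < 0) {
        unlink(path);
        return -1;
    }

    /* Step 1: strip every permission bit from the name. */
    if (chmod(path, 0) != 0) {
        close(rfd);
        unlink(path);
        return -1;
    }
    r->bytes_read_after_chmod = pread(rfd, buf, sizeof buf, 0);
    r->reopen_errno_after_chmod = try_reopen(path); /* EACCES unless running as root */

    /* Step 2: remove the name entirely; the vnode stays alive while rfd is open. */
    if (unlink(path) != 0) {
        close(rfd);
        return -1;
    }
    r->bytes_read_after_unlink = pread(rfd, buf, sizeof buf, 0);
    r->reopen_errno_after_unlink = try_reopen(path); /* ENOENT: the name is gone */

    close(rfd);
    return 0;
}

int main(void) {
    struct demo_result r;
    if (run_demo(&r) != 0) {
        perror("run_demo");
        return 1;
    }
    printf("after chmod 000 : held fd read %zd bytes, fresh open errno=%d (%s)\n",
           r.bytes_read_after_chmod, r.reopen_errno_after_chmod,
           r.reopen_errno_after_chmod ? strerror(r.reopen_errno_after_chmod) : "ok");
    printf("after unlink    : held fd read %zd bytes, fresh open errno=%d (%s)\n",
           r.bytes_read_after_unlink, r.reopen_errno_after_unlink,
           r.reopen_errno_after_unlink ? strerror(r.reopen_errno_after_unlink) : "ok");
    return 0;
}
```

Run as an unprivileged user, the held descriptor keeps reading the full content after both steps, while a fresh open() fails with EACCES after the chmod and ENOENT after the unlink. Run as root the chmod step's reopen succeeds, since root is not subject to the mode bits; the unlink result is the same either way. This is exactly what lets a privileged process open a restricted file and then drop privileges, or hand the descriptor to a less privileged process, without the recipient ever needing permission on the name.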
_______________________________________________
freebsd-security@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscr...@freebsd.org"