Linus wrote:
> It would be insane to say that the open system call should have an
> explicit argument saying that the vfs layer should take your privileges
> into account.

On the contrary, it would be a big improvement on the current interface. To be clearer, it would be great if the open system call took an explicit argument saying *which* privileges it should take into account. All that screwing around with uid, euid and fsuid and crap would be a lot simpler if it was explicit in the open() call which permissions were desired.

In my "If I had a time machine and could go back and talk to Ken & Dennis" fantasy, there would be no open(), only openat(), and the permissions would be associated with the dirfd. In addition to the now-current standard three fds, there would be additional ones for root and cwd. And, in a setuid program, a separate set for effective uids. So openat(fd, path, flags) would use the real or effective permissions depending on which fd was in use. A process could drop permissions by closing the associated fd. Etc.

(And a program which was written without setuid awareness would only use the real-uid dirfds, and the setuidness would do nothing.)

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majord...@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
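For readers who have not done it, here is what the "screwing around with uid, euid and fsuid" in the reply above looks like in practice. This is an added illustration, not code from the mail or from the kernel: a Linux-specific helper that lets a setuid program open a file with the *real* user's permissions by temporarily switching the filesystem uid/gid with setfsuid(2)/setfsgid(2) and then putting them back. The helper names, the default path in main() and the abort-on-failed-restore policy are my choices.

```c
/* Added illustration, not from the mail above: the uid/euid/fsuid dance a
 * Linux setuid program does today to open a file with the invoking (real)
 * user's permissions. setfsuid()/setfsgid() come from <sys/fsuid.h> and are
 * Linux-specific. Helper names and the default path are assumptions.
 */
#ifndef _GNU_SOURCE
#define _GNU_SOURCE
#endif
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/fsuid.h>
#include <sys/types.h>
#include <unistd.h>

/* 1 if we are running with elevated credentials (setuid/setgid binary). In a
 * non-setuid program the switch below is a no-op, which is the "setuidness
 * would do nothing" property the mail wants to get for free. */
int is_setuid_context(void)
{
    return getuid() != geteuid() || getgid() != getegid();
}

/* Open `path` as the real user would, leaving the effective identity alone
 * for the rest of the program. Returns the fd, or -1 with errno set. */
int open_as_real_user(const char *path, int flags, mode_t mode)
{
    uid_t ruid = getuid();
    gid_t rgid = getgid();

    /* setfsuid()/setfsgid() return the *previous* id and never report
     * failure, so the only way to know the switch took effect is to call
     * again and compare the result with what we asked for. */
    uid_t saved_fsuid = (uid_t)setfsuid(ruid);
    gid_t saved_fsgid = (gid_t)setfsgid(rgid);
    if ((uid_t)setfsuid(ruid) != ruid || (gid_t)setfsgid(rgid) != rgid) {
        setfsuid(saved_fsuid);
        setfsgid(saved_fsgid);
        errno = EPERM;
        return -1;
    }

    /* The permission check happens inside the kernel at open time with the
     * real user's fsuid/fsgid, so there is no access(2)-style race between
     * the check and the open. */
    int fd = open(path, flags | O_CLOEXEC, mode);
    int saved_errno = errno;

    /* Restore the effective identity and verify the restore. Silently
     * carrying on as the real user is exactly the kind of bug this
     * interface makes easy, so treat it as fatal. */
    setfsuid(saved_fsuid);
    setfsgid(saved_fsgid);
    if ((uid_t)setfsuid(saved_fsuid) != saved_fsuid ||
        (gid_t)setfsgid(saved_fsgid) != saved_fsgid) {
        if (fd >= 0)
            close(fd);
        abort();   /* credential state is now unknown; do not continue */
    }

    errno = saved_errno;
    return fd;
}

int main(int argc, char **argv)
{
    const char *path = argc > 1 ? argv[1] : "/etc/hostname";  /* assumed default */
    printf("setuid context: %s\n", is_setuid_context() ? "yes" : "no");
    int fd = open_as_real_user(path, O_RDONLY, 0);
    if (fd < 0) {
        perror(path);
        return 1;
    }
    printf("opened %s with real uid %u (euid %u)\n", path,
           (unsigned)getuid(), (unsigned)geteuid());
    close(fd);
    return 0;
}
```

Note the two double-calls: setfsuid(2) gives you no error return, so a program that does not re-check can end up with its filesystem identity in a state it did not intend, in either direction. Compare that with the proposal in the mail, where the credential is a property of the dirfd handed to openat() and "dropping" it is just close(): there is no transient state to restore and nothing to forget.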