On Thu, Jun 22, 2006 at 12:49:03PM -0500, Nicolas Williams wrote:
> On Thu, Jun 22, 2006 at 12:54:32PM +0200, Nicolai Johannes wrote:
> > Concerning the reopen problem of files created in world writable
> > directories: One may use the following algorithm: First compute the
> > permissions of the newly created file. For every permission granted
> > to the user or group, check whether the corresponding
> > identity-privilege is set. If not, the permission also has to be
> > granted for everyone. If this is not the case, file creation is
> > denied.
>
> I was thinking of caching the {vfs, inode #, gen#, pid} and using that
> to allow such processes to re-open files they _recently_ (the cache
> should have LRU/LFU eviction) opened.

That doesn't seem like a very predictable interface. The security
guarantees are not very strong.

Cheers,
- jonathan

--
Jonathan Adams, Solaris Kernel Development
_______________________________________________
zfs-discuss mailing list
zfs-discuss@opensolaris.org
http://mail.opensolaris.org/mailman/listinfo/zfs-discuss
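
The file-creation check described in the innermost quoted text, written out as an added example; it is not code from the thread or from Solaris. The struct `ident_privs`, the function `create_allowed` and the modelling of the "identity-privilege" as one boolean each for user and group are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdio.h>
#include <sys/types.h>

/* Hypothetical model: which identity privileges the creating process holds. */
struct ident_privs {
    bool user;   /* process may rely on its user identity */
    bool group;  /* process may rely on its group identity */
};

/*
 * Returns true if creation is allowed under the quoted algorithm:
 * every permission bit granted to user or group without the matching
 * identity privilege must also be granted to everyone ("other").
 */
bool create_allowed(mode_t requested, mode_t umask_bits, struct ident_privs p)
{
    /* Step 1: compute the permissions the new file would get. */
    mode_t mode  = requested & ~umask_bits & 0777;
    mode_t user  = (mode >> 6) & 07;
    mode_t group = (mode >> 3) & 07;
    mode_t other = mode & 07;

    /* Step 2: bits in a class that "other" lacks need that class's privilege. */
    if (!p.user && (user & ~other) != 0)
        return false;
    if (!p.group && (group & ~other) != 0)
        return false;
    return true;
}

int main(void)
{
    struct ident_privs none = { false, false };
    struct ident_privs user_only = { true, false };

    /* Constructed cases: requested mode, umask, privileges held. */
    printf("0666/022, no privs:   %d\n", create_allowed(0666, 022, none));
    printf("0666/000, no privs:   %d\n", create_allowed(0666, 0, none));
    printf("0600/000, user only:  %d\n", create_allowed(0600, 0, user_only));
    printf("0660/000, user only:  %d\n", create_allowed(0660, 0, user_only));
    return 0;
}
```

With a common umask of 022, a process holding neither privilege is denied creation of a 0666 file, because the owner write bit would not also be granted to everyone.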