File descriptors

Dag-Erling Smørgrav des at des.no
Sun Apr 14 00:52:10 UTC 2013


Dirk Engling <erdgeist at erdgeist.org> writes:
> you may have a wrong understanding of what the difference between a file
> and its names is. The moment you open a file, the system call checks the
> permissions and if you are allowed to read the file, returns another
> name for your file, the fd.

Descriptors aren't names.  Names are just labels; descriptors are live
objects which tie processes to vnodes or sockets.

> If you change permissions on the file name in the file system, your file
> descriptor is not affected. The overhead for chasing changes in your
> directory structure (and nothing else is changing permissions) on every
> read() system call would just not be bearable.

It would be quite trivial, actually, but not desirable.  The way it
works now allows privileged processes to pass descriptors to restricted
files to unprivileged processes, or to drop privileges before operating
on them.

DES
-- 
Dag-Erling Smørgrav - des at des.no
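
The behaviour discussed in this message, as an added example that is not part of the original post: a descriptor opened while access was allowed keeps working after chmod() revokes every permission on the name, while a fresh open() of the same path is checked again. The scratch path, struct and function names are constructed for the illustration; a process running as root bypasses the mode check, so its second open() also succeeds.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <unistd.h>

struct fd_demo {
    ssize_t read_after_chmod; /* bytes read through the already-open fd */
    mode_t  mode_via_fd;      /* permission bits fstat() reports for that fd */
    int     reopen_errno;     /* errno from a fresh open() by path, 0 if it succeeded */
};

/* Returns 0 when the demonstration ran, -1 on a setup failure. */
int run_fd_demo(struct fd_demo *out)
{
    char path[] = "/tmp/fd_demo.XXXXXX"; /* constructed scratch file */
    const char msg[] = "restricted contents";
    char buf[64];
    struct stat st;
    int rc = -1;

    int fd = mkstemp(path);              /* created with mode 0600, opened read/write */
    if (fd < 0) return -1;
    if (write(fd, msg, sizeof msg - 1) == (ssize_t)(sizeof msg - 1) &&
        lseek(fd, 0, SEEK_SET) == 0 &&
        chmod(path, 0) == 0 &&           /* revoke every permission on the name */
        fstat(fd, &st) == 0) {
        out->mode_via_fd = st.st_mode & 0777;
        out->read_after_chmod = read(fd, buf, sizeof buf); /* not re-checked */
        int fd2 = open(path, O_RDONLY);  /* new open: checked against mode 000 */
        out->reopen_errno = (fd2 < 0) ? errno : 0;
        if (fd2 >= 0) close(fd2);
        rc = 0;
    }
    close(fd);
    unlink(path);
    return rc;
}

int main(void)
{
    struct fd_demo r;
    if (run_fd_demo(&r) != 0)
        return 1;
    printf("mode via fd %03o, read %zd bytes, reopen by path %s\n",
           (unsigned)r.mode_via_fd, r.read_after_chmod,
           r.reopen_errno ? "refused" : "allowed");
    return 0;
}
```

fstat() on the old descriptor already reports mode 000, which shows that the read succeeds because access was decided at open() time, not because the descriptor holds a stale copy of the permissions.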

