On Fri, 28 Sep 2001, R. C. Dowdeswell wrote:

# Hmmm, I did not consider that.  Of course, once you've handed the
# fd to another process like that, it could simply hand the fd out
# to anyone who asked for it, circumventing the permissioning in a
# very similar way.  The big problem would be if you had a file with
# group or other write permissions set, then the second process could
# link it to the fs and re-open it with elevated permissions, which
# would be a significant minus.  So, scratch that idea for now.

Take into consideration that if you're handed an fd on, say, an internal
socket, that's not a valid candidate for a link, and that's what most
IPC runs on.  Even if you're handed an fd on a UNIX domain socket, then
all you'll get is the link to the socket.  Big deal.  As I understand
sockets, you can't create the socket until you've gone through the rigmarole
needed beforehand, and then only the process that created it can use it.
[I'm woefully undereducated on this subject only having tried it once.]

...or are you thinking:

	setgid(egid);
	fd=open(...);
	switch(fork()) {
	case -1:
		error("fork");
		break;
	case 0:
		setgid(gid);
		kidstuff(fd);
		break;
	default:
		wait4(...);
	}

...but that kind of coding doesn't make sense.  Where are you going to get
a random fd to a *file* (link() doesn't like directories) via IPC?  I don't
recall being able to inherit one across processes unless it's from a parent!

#  == Roland Dowdeswell                      http://www.Imrryr.ORG/~elric/  ==
#  == The Unofficial NetBSD Web Pages        http://www.Imrryr.ORG/NetBSD/  ==
#  == The NetBSD Project                            http://www.NetBSD.ORG/  ==
#  == Ponte, Inc.                                    http://www.ponte.com/  ==


				--*greywolf;
--
My other computer runs NetBSD.