Subject: Re: Addition to force open to open only regular files
To: None <tech-kern@netbsd.org>
From: Greg A. Woods <woods@weird.com>
List: tech-kern
Date: 11/17/2000 13:00:38
[ On Friday, November 17, 2000 at 14:13:57 (+0100), Olaf Seibert wrote: ]
> Subject: Re: Addition to force open to open only regular files
>
> The obvious solution, although maybe not very Unixy, is to split the
> open(2) operation.
I'm not convinced that's even the obvious solution. open_as() is more
obvious, and a set of filesystem-ID credentials is perhaps the more
generic solution to cover all filesystem accesses, though it's
potentially just as dangerous as ID swapping (I haven't yet explored the
full range of possibilities with it).
The "unixy" solution is to make sure that open(2) can't do any damage,
no matter what file or device it touches. That implies close(2) is safe
too, even if it's the last close, which of course implies that if tape
devices are to rewind on last close (and I agree they should), then
programmers using individual tools to manipulate tools need to have a
simple mechanism that can "lock" a tape device such that it won't rewind
accidentally if they're going to be doing several independent operations
on the media in that device (which might be as simple as a little
sub-shell process that holds the no-rewind device open until killed).
--
Greg A. Woods
+1 416 218-0098 VE3TCP <gwoods@acm.org> <robohack!woods>
Planix, Inc. <woods@planix.com>; Secrets of the Weird <woods@weird.com>
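The "little sub-shell process that holds the no-rewind device open until killed" from the message above, written out as a small POSIX sh helper. This is an added example, not code from the original post or from NetBSD; the device path is a parameter and the no-rewind node name /dev/nrst0 mentioned in the comments is an assumption, as is using an ordinary file as a stand-in for the device when trying it without a tape drive.

```sh
#!/bin/sh
# Hold a no-rewind tape device open from a background sub-shell so that no
# other tool's close(2) of the drive is the "last close" that triggers a
# rewind. The holder keeps the descriptor until it is killed; only then does
# its own close happen, and since it opened the no-rewind node (assumed name
# /dev/nrst0 on NetBSD) that close does not rewind either. Whether a close via
# a different device node for the same drive counts against the same open
# count is driver-specific, so hold open the same node the other tools use.
#
# The holder's pid is kept in TAPE_HOLD_PID (a global, so that the parent
# shell can wait(1) on it; a $(...) substitution would lose the child).

# tape_hold DEV: start the holder for DEV. Fails if DEV cannot be read.
tape_hold() {
    [ -r "$1" ] || return 1
    (
        # Open DEV on fd 3 and keep it for the life of this sub-shell.
        exec 3<"$1" || exit 1
        # Exit cleanly on TERM/INT; exiting closes fd 3.
        trap 'exit 0' TERM INT
        while :; do sleep 1; done
    ) &
    TAPE_HOLD_PID=$!
}

# tape_held: succeed while the holder is still alive (and so still holds fd 3).
tape_held() {
    [ -n "$TAPE_HOLD_PID" ] && kill -0 "$TAPE_HOLD_PID" 2>/dev/null
}

# tape_release: kill the holder and reap it; after this returns the holder's
# descriptor has been closed, which is the drive's last close if nobody else
# has it open.
tape_release() {
    [ -n "$TAPE_HOLD_PID" ] || return 1
    kill "$TAPE_HOLD_PID" 2>/dev/null || true
    wait "$TAPE_HOLD_PID" 2>/dev/null || true
    TAPE_HOLD_PID=
}
```

Typical use is `tape_hold /dev/nrst0`, then the several independent mt(1)/dd(1)/tar(1) operations on the same device node, then `tape_release`; the release may take up to a second because the sub-shell only runs its trap once the current `sleep 1` finishes. If the holder is killed with SIGKILL instead, the descriptor is still closed by the kernel on process exit, so the lock is never left behind by a dead process.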