Re: inode open

[Johnny Billquist <bqt%softjar.se@localhost>]

Bill Stouder-Studenmund wrote:
> On Wed, Jul 16, 2008 at 05:18:47PM -0400, Steven M. Bellovin wrote:
> > On Wed, 16 Jul 2008 13:34:34 -0700
> > Jason Thorpe <thorpej%shagadelic.org@localhost> wrote:
> >
> > > On Jul 16, 2008, at 7:47 AM, Matt Thomas wrote:
> > >
> > > > Besides the fhopen(2) previously mentioned, this isn't available  
> > > > because it would break the security used by unix.
> > >
> > > Other Unix-like platforms (Mac OS X) can do this without breaking
> > > the Unix security model.  We should be able to, too.
> > I'm curious how they do it.  Today, I can safely have a mode 666 file
> > inside a 700 directory.  A setuid program can cd to that directory,
> > surrender privilege, and then operate on the files.  The real user
> > can't get to that directory, and hence can't touch the files -- but if
> > it could open things by i-node number, it could.  (I first saw that
> > technique used in an old MTA, MMDF, circa 1979.)
>
> MacOS's open-by-inode gets the vnode, gets the path, and makes sure the 
> user can access the path. At present, I believe it only tries one path, so 
> you might get odd results w/ hard links. But then again hardlinks + a 
> security environment where you really care about directory access 
> permissions is dodgy. It might work fine, it might not. :-)
>
> Take care,

Trying to look at MacOS right now, but can't find a function to open a 
file by inode number. What's the name of the function?
(I'm just curious...)

        Johnny