Re: port-filename and path canonicalization

From: Thien-Thi Nguyen
Subject: Re: port-filename and path canonicalization
Date: Wed, 21 Apr 2010 21:16:30 +0200
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/23.1.91 (gnu/linux)

() address@hidden (Ludovic Courtès)
() Wed, 21 Apr 2010 10:49:05 +0200

   I think open file ports shouldn’t grant any authority beyond
   access to the open file.  Just like an open file descriptor
   doesn’t convey any authority beyond access to the underlying
   file (if we omit ‘..’ lookups on a directory file descriptor
   with openat(3)).

I agree (and was about to cite openat(3) et al -- glad you
beat me to it!), but that's neither here nor there:

Whether or not the authority associated with the containing
directory is user-visible is a design detail of the directory
object.  (More information need not imply more access.)

That is, if a file port supports ‘file-port-directory’, then how
to use/restrict the resulting object is left up to higher layers,
where it belongs.

Reifying directories is good for both security and efficiency.
Why chase symlinks and {l}stat(2) more than necessary?
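
An added illustration in C of the point above (not part of the original message and not Guile code): a directory held as an open descriptor keeps naming the same directory after its pathname is re-bound, while a fresh path lookup does not, and the wrapper refuses the `..` lookup that the quoted caveat mentions. The helper names `open_in_dir` and `demo` and the scratch layout under `/tmp` are assumptions made for the example.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Open NAME relative to a held directory descriptor.  Only one path component
   is accepted, and O_NOFOLLOW refuses a symlink as that component. */
int open_in_dir(int dirfd, const char *name) {
    if (!*name || strchr(name, '/') || !strcmp(name, ".") || !strcmp(name, ".."))
        return -1;
    return openat(dirfd, name, O_RDONLY | O_NOFOLLOW | O_CLOEXEC);
}

/* Read the first byte from FD, then close it; -1 on any failure. */
static int first_byte(int fd) {
    char c = 0;
    int ok = fd >= 0 && read(fd, &c, 1) == 1;
    if (fd >= 0) close(fd);
    return ok ? c : -1;
}

/* Create directory DIR holding a file "conf" whose content is the byte TAG. */
static int make_dir(const char *dir, char tag) {
    char p[64];
    snprintf(p, sizeof p, "%s/conf", dir);
    int fd = mkdir(dir, 0700) == 0 ? open(p, O_WRONLY | O_CREAT | O_EXCL, 0600) : -1;
    if (fd < 0 || write(fd, &tag, 1) != 1) return -1;
    return close(fd);
}

/* Constructed scenario: pathname "data" is re-bound after we opened it.  Result
   bits: 1 held handle reads 'A', 2 fresh lookup reads 'B', 4 ".." refused, 8 symlink refused. */
int demo(void) {
    char base[] = "/tmp/dirfd-demo-XXXXXX";   /* scratch directory, left in place */
    if (!mkdtemp(base) || chdir(base) || make_dir("data", 'A')) return -1;
    int dirfd = open("data", O_RDONLY | O_DIRECTORY | O_CLOEXEC);
    if (dirfd < 0 || rename("data", "data.old") || make_dir("data", 'B')
        || symlinkat("conf", dirfd, "link")) return -1;
    int bits = (first_byte(open_in_dir(dirfd, "conf")) == 'A')
             | (first_byte(open("data/conf", O_RDONLY)) == 'B') << 1
             | (open_in_dir(dirfd, "..") == -1) << 2
             | (open_in_dir(dirfd, "link") == -1) << 3;
    close(dirfd);
    return bits;
}

int main(void) { printf("%d\n", demo()); return 0; }
```
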
