[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: io_close proposal

From: Marcus Brinkmann
Subject: Re: io_close proposal
Date: Fri, 17 May 2002 02:28:35 +0200
User-agent: Mutt/1.3.28i

On Thu, May 16, 2002 at 09:34:28AM -0700, Thomas Bushnell, BSG wrote:
> Marcus Brinkmann <address@hidden> writes:
> > Another idea: The actual number of extinct send rights (instead just a
> > boolean) could be helpful.  If the server would get the exact number, and
> > it would be 1 (assuming the user does not transfer the send right),
> > he would know that the send right used to send the message was the only
> > one, and he could just go forward and destroy the port.
> > But I don't think this solution (if it is one) is very elegant.
> You mean the number of extant send rights.  Mach will give you this
> information, but it is never reliable for this kind of purpose.  It
> might be two when you call, and immediately one after that.

Well, the real problem, and the explanation why my idea won't work is this:

If the server sees 1 extant send right, he doesn't know if this is the
callers extant send right, or if the number of extant send rights has been
2 and the caller did:

mach_port_deallocate(mach_task_self(), port);

So my idea doesn't work.  If we would not have asynchronous messages,
this attack in the client probably wouldn't work (assuming proper guarantees
by the kernel).  Well, I don't think it was obvious, so it is good to have
this idea proposed, discussed and dismissed.

This was my last trick, I don't have any better idea than sending the send
right in the message.  So if nobody else has, we must concentrate on making
this solution work.


`Rhubarb is no Egyptian god.' Debian address@hidden
Marcus Brinkmann              GNU    address@hidden

reply via email to

[Prev in Thread] Current Thread [Next in Thread]