[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: port-filename and path canonicalization
From: |
Thien-Thi Nguyen |
Subject: |
Re: port-filename and path canonicalization |
Date: |
Wed, 21 Apr 2010 21:16:30 +0200 |
User-agent: |
Gnus/5.13 (Gnus v5.13) Emacs/23.1.91 (gnu/linux) |
() address@hidden (Ludovic Courtès)
() Wed, 21 Apr 2010 10:49:05 +0200
I think open file ports shouldn’t grant any authority beyond
access to the open file. Just like an open file descriptor
doesn’t convey any authority beyond access to the underlying
file (if we omit ‘..’ lookups on a directory file descriptor
with openat(3)).
I agree (and was about to cite openat(3) et al -- glad you
beat me to it!), but that's neither here nor there:
Whether or not the authority associated with the containing
directory is user-visible is a design detail of the directory
object. (More information need not imply more access.)
That is, if a file port supports ‘file-port-directory’, then how
to use/restrict the resulting object is left up to higher layers,
where it belongs.
Reifying directories is good for both security and efficiency.
Why chase symlinks and {l}stat(2) more than necessary?
thi
- Re: file names embedded in .go, (continued)
Re: file names embedded in .go, Andy Wingo, 2010/04/20
port-filename and path canonicalization, Ludovic Courtès, 2010/04/19
Re: port-filename and path canonicalization, Ludovic Courtès, 2010/04/20
Re: port-filename and path canonicalization, Andy Wingo, 2010/04/22
Re: port-filename and path canonicalization, Ludovic Courtès, 2010/04/22
Re: file names embedded in .go, Ludovic Courtès, 2010/04/19