Re: Authorization Question (Possibly a simple POSIX question?)
Re: Authorization Question (Possibly a simple POSIX question?)
- Subject: Re: Authorization Question (Possibly a simple POSIX question?)
- From: "Stephen J. Butler" <email@hidden>
- Date: Fri, 21 Aug 2009 14:24:13 -0500
On Fri, Aug 21, 2009 at 2:12 PM, Seth Willits<email@hidden> wrote:
>> The second bit of information is that permissions are tested at the time
>> of the open(). Once you have the file descriptor, you can use it without
>> further checks.
>
> That's the bit that confuses me, because it seems to be a security gap. It
> sounds like I could just spawn an application which reads from every single
> file descriptor from 1 on up. If any other process opened a protected file
> then my app could read its data without any security check at all? That
> doesn't seem right.
File descriptors are not shared between processes; hence all the hoop
jumping with sendmsg/recvmsg.
_______________________________________________
Cocoa-dev mailing list (email@hidden)
Please do not post admin requests or moderator comments to the list.
Contact the moderators at cocoa-dev-admins(at)lists.apple.com
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden