• Open Menu Close Menu
  • Apple
  • Shopping Bag
  • Apple
  • Mac
  • iPad
  • iPhone
  • Watch
  • TV
  • Music
  • Support
  • Search apple.com
  • Shopping Bag

Lists

Open Menu Close Menu
  • Terms and Conditions
  • Lists hosted on this site
  • Email the Postmaster
  • Tips for posting to public mailing lists
Re: Authorization Question (Possibly a simple POSIX question?)
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Authorization Question (Possibly a simple POSIX question?)

  • Subject: Re: Authorization Question (Possibly a simple POSIX question?)
  • From: "Stephen J. Butler" <email@hidden>
  • Date: Fri, 21 Aug 2009 14:40:15 -0500
On Fri, Aug 21, 2009 at 2:12 PM, Seth Willits<email@hidden> wrote:
>> The second bit of information is that permissions are tested at the time
>> of the open().  Once you have the file descriptor, you can use it without
>> further checks.
>
> That's the bit that confuses me, because it seems to be a security gap. It
> sounds like I could just spawn an application which reads from every single
> file descriptor from 1 on up. If any other process opened a protected file
> then my app could read its data without any security check at all? That
> doesn't seem right.

Think of it this way: every process has stdin, stdout, and stderr
opened for it on file descriptors 0, 1, and 2 respectively. But not
all processes share the same stdin, right! If I do this command:

echo "hello" | gzip -c > somefile.txt

The stdout of "echo" is connected to the stdin of "gzip", and "gzip"s
stdout is connected (by the shell) to a file. So even though they all
have stdin as 0, and stdout as 1, each command sees something
different... because file descriptor numbers are local to the process.

When you use sendmsg to pass a fd, you are telling the kernel "dup()
file fd into the receiving process during transit" (because you can't
do that yourself). Maybe on the sendmsg side of things, the fd is 34.
But on the recvmsg side, it could end up as 42! Who knows, and you
shouldn't care.

Unsurprisingly, Windows takes a slightly different approach. Instead
of having the kernel dup() the handle in transit, you do it youself
using DuplicateHandle(). The resultant handle is meaningly in your
process, you're just supposed to copy the raw value to the destination
however you like.
_______________________________________________

Cocoa-dev mailing list (email@hidden)

Please do not post admin requests or moderator comments to the list.
Contact the moderators at cocoa-dev-admins(at)lists.apple.com

Help/Unsubscribe/Update your Subscription:

This email sent to email@hidden
References: 
 >Authorization Question (Possibly a simple POSIX question?) (From: Seth Willits <email@hidden>)
 >Re: Authorization Question (Possibly a simple POSIX question?) (From: Ken Thomases <email@hidden>)
 >Re: Authorization Question (Possibly a simple POSIX question?) (From: Seth Willits <email@hidden>)

  • Prev by Date: Re: Formatting/partitioning drives with Cocoa
  • Next by Date: Dynamically open file with application of end user choise......
  • Previous by thread: Re: Authorization Question (Possibly a simple POSIX question?)
  • Next by thread: Re: Authorization Question (Possibly a simple POSIX question?)
  • Index(es):
    • Date
    • Thread