Date: Tue, 28 Oct 2003 04:46:36 -0800
From: Terry Lambert <tlambert2@mindspring.com>
To: Leo Bicknell <bicknell@ufp.org>
Cc: freebsd-hackers@freebsd.org
Subject: Re: non-root process and PID files
Message-ID: <3F9E652C.B7CB762B@mindspring.com>
References: <3F9CF3F6.8307.ABC1250@localhost> <20031027171500.GF35805@ussenterprise.ufp.org>

Leo Bicknell wrote:
> Dan Langille wrote:
> > Any suggestions?
>
> Here's a slightly backwards concept.
>
> We're all familiar with how you can open a file, remove it from the
> directory, and not have it "go away" until the application closes
> it.  Well, extend those semantics to the namespace.
>
> That is, have a directory where any name that does not exist can be
> opened RW, any name that does exist can be opened RO.  A file is
> automatically removed when no one has an open descriptor to it anymore.

This is a somewhat neat idea.  However, it would open a pretty big
race window, and you could denial-of-service a server by creating
a PID file belonging to some server, and leaving it there with a
bogus PID in it, and anything that was watching the file R/O to
kill -0 it to check if the process needs to be restarted would
always think the process needs to be restarted.  8-).

Basically, all your processes would end up needing to be SUID root,
at least initially, which would mean breaking most mail server
software.  They'd need that so that you could deny any create
except by root to keep ordinary users from DOS'ing a daemon.

-- Terry