From owner-freebsd-current  Tue Dec 24  6:11:13 2002
Delivered-To: freebsd-current@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP
	id 5115937B401; Tue, 24 Dec 2002 06:11:12 -0800 (PST)
Received: from fledge.watson.org (fledge.watson.org [204.156.12.50])
	by mx1.FreeBSD.org (Postfix) with ESMTP
	id C748643F0A; Tue, 24 Dec 2002 06:11:11 -0800 (PST)
	(envelope-from robert@fledge.watson.org)
Received: from fledge.watson.org (fledge.pr.watson.org [192.0.2.3])
	by fledge.watson.org (8.12.6/8.12.5) with SMTP id gBOEBE1Z044096;
	Tue, 24 Dec 2002 09:11:14 -0500 (EST)
	(envelope-from robert@fledge.watson.org)
Date: Tue, 24 Dec 2002 09:11:14 -0500 (EST)
From: Robert Watson <rwatson@freebsd.org>
X-Sender: robert@fledge.watson.org
To: Poul-Henning Kamp <phk@freebsd.org>
Cc: current@freebsd.org
Subject: Re: revoke(2) redux...
In-Reply-To: <30917.1040730025@critter.freebsd.dk>
Message-ID: <Pine.NEB.3.96L.1021224090817.41283C-100000@fledge.watson.org>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-current@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-current.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-current>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-current>
X-Loop: FreeBSD.ORG


On Tue, 24 Dec 2002, Poul-Henning Kamp wrote:

> Isn't there a pretty obvious race between the revoke() and the open() ? 
> 
> Wouldn't it in fact make much more sense if revoke(2) was defined as
> 
> 	int revoke(int fd); /* kick everybody else off */
> 
> and the code above would look like: 

There are many races here, but one race is closed by this.  The way the
login process works is that it chowns the device, then revokes the device.
If the problem being addressed is that fd's remain open even after the
chown, then revoke works fine, since once you've chowned/chmodded the
file, the original process with a normal user uid can't re-open.  That
said, revoke() has terrible properties from a VFS perspective.  I'd be
interested in learning about the approaches taken in Linux, etc, to
address the same problem.

Robert N M Watson             FreeBSD Core Team, TrustedBSD Projects
robert@fledge.watson.org      Network Associates Laboratories



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-current" in the body of the message