From owner-freebsd-current  Tue Dec 24  6:42:49 2002
Delivered-To: freebsd-current@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP
	id B534437B401; Tue, 24 Dec 2002 06:42:48 -0800 (PST)
Received: from khavrinen.lcs.mit.edu (khavrinen.lcs.mit.edu [18.24.4.193])
	by mx1.FreeBSD.org (Postfix) with ESMTP
	id 2A1D243EC2; Tue, 24 Dec 2002 06:42:48 -0800 (PST)
	(envelope-from wollman@khavrinen.lcs.mit.edu)
Received: from khavrinen.lcs.mit.edu (localhost [IPv6:::1])
	by khavrinen.lcs.mit.edu (8.12.6/8.12.6) with ESMTP id gBOEglY2034857
	(version=TLSv1/SSLv3 cipher=EDH-RSA-DES-CBC3-SHA bits=168 verify=OK);
	Tue, 24 Dec 2002 09:42:47 -0500 (EST)
	(envelope-from wollman@khavrinen.lcs.mit.edu)
Received: (from wollman@localhost)
	by khavrinen.lcs.mit.edu (8.12.6/8.12.6/Submit) id gBOEgkU5034854;
	Tue, 24 Dec 2002 09:42:46 -0500 (EST)
	(envelope-from wollman)
Date: Tue, 24 Dec 2002 09:42:46 -0500 (EST)
From: Garrett Wollman <wollman@lcs.mit.edu>
Message-Id: <200212241442.gBOEgkU5034854@khavrinen.lcs.mit.edu>
To: Poul-Henning Kamp <phk@FreeBSD.ORG>
Cc: current@FreeBSD.ORG
Subject: revoke(2) redux...
In-Reply-To: <30917.1040730025@critter.freebsd.dk>
References: <30917.1040730025@critter.freebsd.dk>
Sender: owner-freebsd-current@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-current.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-current>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-current>
X-Loop: FreeBSD.ORG

<<On Tue, 24 Dec 2002 12:40:25 +0100, Poul-Henning Kamp <phk@FreeBSD.ORG> said:

> Isn't there a pretty obvious race between the revoke() and the open() ?

To the extent that the race matters, it is obviated by making sure
that only the current user has permission to open the device.  If the
user somehow manages to open a device that he owns anyway, it's his
problem if doing so screws it up.

revoke() was a POSIX invention; it replaces the older vhangup().  The
problem with vhangup() was that it merely signalled the previous
openers -- if they had a SIGHUP handler installed, they did not
actually lose access to the device.

AIX has an extension such as you suggest (they call it frevoke()).
AIX also implements it for all vnodes, not just device-specials, so it
is somewhat more general-purpose.  The POSIX function was introduced
for only one reason: to provide a secure replacement for vhangup() in
the POSIX tty model.  Thus, it is not fully general.

-GAWollman


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-current" in the body of the message