@mjg59 hmmm this and the day that the Linux networking guy invented abstract domain Unix sockets in 1996 would be my candidates for api that makes people cry.
@mjg59 well, it did cause a cve in software i work on, by allowing processes to send each other fds despite no filesystem sharing, and there's no clean ways to block it outside of shoving them in separate netns (with pasta for connectivity) or using various lsms that are very ugly (or cgroup bpf lsm).
idk. whole experience didn't inspire any confidence in Linux security design.
@mjg59 yes, but allowing yeeting them between ostensibly chrooted processes running as different users merely if you're in the same netns is pretty extremely surprising behaviour
HFS/HFS+ had the data information as part of the catalog information, and honestly, I hated it. You can get the same information (going from file descriptor to path) using a slightly different approach, and not lose the ability to have hard links or open-unlinked files -- Linux does this, by having a separation been the file descriptor structure, and the vnode structure.
@kithrup@rfc6919 opened-but-unlinked don't cause problems here, the two main issues are that you can't apply security policy based on path (one file may exist in multiple paths) and you can't look for notifications based on parent directory (if files have no canonical parent, how do you know to notify on modification?)
Add comment