From: Jan Harkes <jaharkes@cs.cmu.edu>
To: RAMON_GARCIA_F <RAMON_GARCIA_F@terra.es>
Cc: linux-kernel@vger.kernel.org
Subject: Re: Suggestion for a new system call: convert file handle to a cookie for transfering file handles between processes.)
Date: Mon, 21 Jul 2003 13:27:06 -0400 [thread overview]
Message-ID: <20030721172656.GA32597@delft.aura.cs.cmu.edu> (raw)
In-Reply-To: <5df3060bad.60bad5df30@teleline.es>
On Mon, Jul 21, 2003 at 07:04:29PM +0200, RAMON_GARCIA_F wrote:
> And that is exactly the reason why I like the interface that I designed.
> As opposed to transfer of handles through unix domain sockets, that is
> tied to unix sockets, my interface is more primitive. It is not tied to
> anything. You get a representation of a file handle, and then you can
> transfer it through a regular file, a pipe, ...
There are many arguments against it.
- Cookies are only useful on the local system, files, pipes, tcpsockets
etc. are cross-platform.
- Refcounting issues, a rogue application can quickle use up kernel
resources by requesting thousands of cookies, he isn't even limited by
per-process resource limits, as it is possible to open a file, grab a
cookie, and close the file. The only 'solution' you have is a timeout
on the cookie, possibly this could be extended by some scheme where
cookies are dropped more agressivly. But any such solution will either
not be sufficient to protect the system from resource exhaustion or
provide the opportunity for denial of service attacks.
- Technically the SCM_RIGHTS message that is passed across the
socketpair(2) or Unix domain socket contains pretty much the cookie
you are talking about, but it has several useful properties. The
process is required to keep the filehandle open until the message is
passed, so it has to obey per-process resource limits. There is strict
refcounting and no workarounds required to expire handles, the
SCM_RIGHTS method is portable across pretty much all Unix systems.
- It is trivial to implement your proposal in userspace based on the
existing primitives (simple library + daemon solution). But it is not
possible to implement the exact semantics of the existing primitives
in userspace if they are replaced by your proposed cookies in the
kernel.
Jan
next prev parent reply other threads:[~2003-07-21 17:16 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2003-07-21 17:04 Suggestion for a new system call: convert file handle to a cookie for transfering file handles between processes.) RAMON_GARCIA_F
2003-07-21 17:27 ` Jan Harkes [this message]
2003-07-21 19:31 ` Ingo Oeser
2003-07-21 19:06 RAMON_GARCIA_F
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20030721172656.GA32597@delft.aura.cs.cmu.edu \
--to=jaharkes@cs.cmu.edu \
--cc=RAMON_GARCIA_F@terra.es \
--cc=linux-kernel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.