Ar Llu, 2006-08-07 am 22:41 +0200, ysgrifennodd Edgar Toernig: > It seems, revoke was intended to disable access to tty devices > from old processes in a controlled way. Sounds sane. Thats the root from which it comes but that alone is insufficient which is why our vhangup is not enough. > Your implementation is much cruder - it simply takes the fd > away from the app; any future use gives EBADF. As a bonus, It needs to give -ENXIO/0 as per BSD that much is clear. > it works for regular files and even goes as far as destroying > all mappings of the file from all processes (even root processes). > IMVHO this is a disaster from a security and reliability point > of view. Actually its no different than if it didn't. The two are identical behaviours. To use revoke() I must own the file If I own the file I can make it a symlink to a pty/tty pair I can revoke a pty/tty pair > A serious question: What do you need this feature of revoking > regular files (or block devices) for? Maybe my imagination > is lacking, but I can't find a use where fuser(1) (or similar > tools) wouldn't be as good or even better than revoke(2). On a typical non-SELinux system with a typical desktop configuration (SELinux can effectively replace revoke) you need revoke on block devices in order to guarantee security and on other char devices for privacy. I'll provide some demonstrations after we have revoke in some form in the kernel and the problems in question fixed. There are specific cases where being able to revoke access to one of your files is useful as well, particularly if you are moving it from open permissions to private permissions. That one is to be honest much less interesting and it is easy enough to make our revoke() implementation return -EINVAL. The driver only case actually makes it a lot easier because you only need to set some kind of f_revoked flag on files owned by that device, truncate the virtual memory mappings and then call the driver method. The driver would then honour ->f_revoked in its own ioctl/read/write methods or in the helpers. Alan - To unsubscribe from this list: send the line "unsubscribe linux-fsdevel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html