Re: O_SAFER

[Eric Blake]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

According to Paolo Bonzini on 8/24/2009 5:20 AM:
>> Yes, but better call it O_NONSTD
> 
> O_NOSTDFD?

I'm in the middle of writing an RFC email to lkml (with bug-gnulib in cc);
I'm using the name O_NOSTD for now, but mentioning the other names we've
thought of.

We get
>> some problem with unistd--.h and fcntl--.h: How do we define open()
>> such that
>>     open (s, f [, m]) ::= open (s, f | O_SAFER [, m])
>> That becomes a bit hairy.

It would be done as follows (leaving the declarations pretty much as it
already is, and just changing the implementation of open_safer to calling
open with a new flag rather than calling fd_safer(open)):

fcntl.h/open.c - declares open, implements open (s, O_SAFER [, m])

fcntl_safer.h/open-safer.c - decares open_safer (s, f [, m]), which calls
open (s, f | O_SAFER [, m])

fcntl--.h - #define open open_safer

Users who care about manipulating std descriptors (such as open-safer.c)
use fcntl_safer.h but NOT fcntl--.h, and must manually distinguish between
open (f), open (f|O_SAFER), and open_safer.  But the bulk of the users
include fcntl--.h, and see no difference.


> ... what about creat, too?

creat already has issues (for example, you can't specify O_TEXT or
O_BINARY with creat; you can't specify O_NOCTTY to protect yourself from
obtaining a controlling terminal, ...); portable code already uses open()
rather than creat().

- --
Don't work too hard, make some time for fun as well!

Eric Blake             address@hidden
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (Cygwin)
Comment: Public key at home.comcast.net/~ericblake/eblake.gpg
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAkqSeeMACgkQ84KuGfSFAYC7BQCggZqT51zTbiexPI8YcmO5njx2
G8AAn1ymtkOtP4at/RpvsJR9AUfIwtLt
=Rl/f
-----END PGP SIGNATURE-----