From: Terry Lambert <tlambert2@mindspring.com>
Date: Tue, 28 Oct 2003 04:46:36 -0800
To: Leo Bicknell
cc: freebsd-hackers@freebsd.org
Subject: Re: non-root process and PID files
Message-ID: <3F9E652C.B7CB762B@mindspring.com>
References: <3F9CF3F6.8307.ABC1250@localhost> <20031027171500.GF35805@ussenterprise.ufp.org>
List-Id: Technical Discussions relating to FreeBSD

Leo Bicknell wrote:
> Dan Langille wrote:
> > Any suggestions?
>
> Here's a slightly backwards concept.
>
> We're all familiar with how you can open a file, remove it from the
> directory, and not have it "go away" until the application closes
> it. Well, extend those semantics to the namespace.
>
> That is, have a directory where any name that does not exist can be
> opened RW, any name that does exist can be opened RO. A file is
> automatically removed when no one has an open descriptor to it anymore.

This is a somewhat neat idea.

However, it would open a pretty big race window, and you could
denial-of-service a server by creating a PID file belonging to some
server, and leaving it there with a bogus PID in it, and anything that
was watching the file R/O to kill -0 it to check if the process needs
to be restarted would always think the process needs to be restarted.
8-).

Basically, all your processes would end up needing to be SUID root, at
least initially, which would mean breaking most mail server software.
They'd need that so that you could deny any create except by root to
keep ordinary users from DOS'ing a daemon.

-- Terry