The second bit of information is that permissions are tested at the time of the open(). Once you have the file descriptor, you can use it without further checks.
That's the bit that confuses me, because it seems to be a security gap. It sounds like I could just spawn an application which reads from every single file descriptor from 1 on up. If any other process opened a protected file then my app could read its data without any security check at all? That doesn't seem right.
-- Seth Willits _______________________________________________ Cocoa-dev mailing list ([email protected]) Please do not post admin requests or moderator comments to the list. Contact the moderators at cocoa-dev-admins(at)lists.apple.com Help/Unsubscribe/Update your Subscription: http://lists.apple.com/mailman/options/cocoa-dev/archive%40mail-archive.com This email sent to [email protected]
