On Fri, 2009-07-03 at 05:45 -0700, Casper Dik wrote: > This project proposes two new "basic" privileges. > > FILE_READ > Allows a process to read a file or directory whose > permission or ACL allow the process read permission. > > FILE_WRITE > Allows a process to write a file or directory whose > permission or ACL allow the process write permission.
I have no problem with these new privileges, but do have one question regarding the semantics of adding them to the basic set. How will this affect processes that may be specifying individual privileges in the "basic" set by enumeration rather than specifying "basic" itself in the various APIs? Will they cease to be able to read and write files? Do such applications exist? -Seb
