> Recently we found out (PR kern/46463) that kqueue() file descriptors,
> which originally were designed to be "local process only" objects,
> could be passed with SCM_RIGHTS messages to other processes. [...]

> I propose to not allow sending kqueue file descriptors [...]

> Or are there any legit uses for "foreign" kqueue()s?

It seems to me, for what it may be worth, that this is asking the wrong
question. Rather, I would ask whether there are illegitimate uses for
`foreign' kqueue descriptors, and, if not, fix them to be passable like
any other descriptors.

It's certainly possible there are such uses we want to forbid. I don't
know kqueue well enough to address that point myself. But your post
doesn't give any particular reason to think there are.

> I don't see any, the alien process could just create its own kqueue()
> and add the same events instead of passing the file descriptor over.

The same argument could be applied to descriptors on /dev/null, too,
but we don't forbid passing them. That's a somewhat silly analogy, but
I think at its core it's basically my argument: we shouldn't forbid
things by default, and "there are other ways to accomplish the same
effects" isn't reason enough to prohibit something.

/~\ The ASCII                             Mouse
\ / Ribbon Campaign
 X  Against HTML                mo...@rodents-montreal.org
/ \ Email!           7D C8 61 52 5D E7 2D 39  4E F1 31 3E E8 B3 27 4B