This project proposes two new "basic" privileges.
FILE_READ
Allows a process to read a file or directory whose
permission or ACL allow the process read permission.
FILE_WRITE
Allows a process to write a file or directory whose
permission or ACL allow the process write permission.The purpose of these privileges is the ability to create a "read-only" (no FILE_WRITE privilege) and a "write-only" (no FILE_READ privilege) process.The FILE_WRITE basic privilege is required for any modification to a file or directory: open(2), creat(2), link(2), symlink(2), rename(2), unlink(2), mkdir(2), rmdir(2), mknod(2) etc.The FILE_READ basic privilege is required for opening a file with O_RDONLY or O_RDWR.Note: a "basic" privilege is a privilege which is part of the default I, P and E privilege set.
Monday, August 10, 2009
Read or Write Only Process
PSARC/2009/378:
No comments:
Post a Comment