File descriptors as capabilities

File descriptors in Unix mostly behave like capabilities: they can be passed between processes (using sendmsg()/recvmsg()), and they can be used regardless of the process's identity. There are some exceptions, however.

fchmod()

fchmod() only works if the inode's owner is the same as the process's UID.

tty FDs and job control

The process's current process group affects what happens when the process tries to read from or write to a tty FD.

fcntl() locking

With fcntl() file locking, locks are held by processes. This is in contrast with lockf() file locking, where locks are associated with file descriptors.
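The process-held nature of fcntl() locks can be observed across fork(). This is an added example, not part of the original page; the function name and the scratch file path are made up for the illustration. A child inherits the parent's FD and can write through it, but the parent's lock does not come along with the descriptor:

```c
/* Added example: an fcntl() lock stays with the process, not the FD. */
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/wait.h>
#include <unistd.h>

/* Returns 1 if a child that inherits the parent's FD can write through it
 * but finds the parent's fcntl() lock still held by the parent; 0 if not;
 * -1 on setup error. */
int fd_usable_but_lock_not_inherited(void)
{
    char path[] = "/tmp/fdcap-XXXXXX";   /* constructed scratch file */
    int fd = mkstemp(path);
    if (fd < 0) return -1;
    unlink(path);                        /* from here on only the FD names the file */

    struct flock lk = { .l_type = F_WRLCK, .l_whence = SEEK_SET,
                        .l_start = 0, .l_len = 0 };  /* l_len 0 = whole file */
    if (fcntl(fd, F_SETLK, &lk) < 0) { close(fd); return -1; }

    pid_t parent = getpid();
    pid_t pid = fork();
    if (pid < 0) { close(fd); return -1; }
    if (pid == 0) {
        /* Capability-like part: the inherited FD works with no path lookup. */
        int wrote = write(fd, "x", 1) == 1;
        /* Exception: ask who would block a write lock taken via this same FD. */
        struct flock probe = { .l_type = F_WRLCK, .l_whence = SEEK_SET };
        int held = fcntl(fd, F_GETLK, &probe) == 0 &&
                   probe.l_type == F_WRLCK && probe.l_pid == parent;
        _exit(wrote && held ? 0 : 1);
    }
    int status = 0;
    if (waitpid(pid, &status, 0) < 0) { close(fd); return -1; }
    close(fd);
    return WIFEXITED(status) && WEXITSTATUS(status) == 0;
}

int main(void)
{
    int r = fd_usable_but_lock_not_inherited();
    printf("lock stayed with parent: %s\n", r == 1 ? "yes" : "no");
    return r == 1 ? 0 : 1;
}
```

F_GETLK reports the parent's PID as the lock holder even though the child is querying through a copy of the very descriptor the lock was taken on.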

SELinux and AppArmor

These systems apply additional checks to operations on file descriptors based on the process's identity.

FileDescriptorsAsCapabilities (last edited 2008-04-30 20:12:21 by MarkSeaborn)