setuid programs, locking

utzoo!decvax!duke!unc!smb
Thu Aug 20 18:15:47 AEST 1981


I've attempted to send this item to fa.unix-wizards via the ARPAnet;
in case it doesn't make it, here it is again for all you Usenet fans.


Much more use should be made of the FIOCLEX ioctl call.  Setuid
programs that don't use it run the risk of some child process they
spawn -- say, in response to ! requests -- finding interesting files
open.  And this would answer a question raised about the lock driver --
what should happen when the process that opened it terminates.  If it
had used FIOCLEX on the lock file, there would be no problem about the
"feature" of UNIX that was mentioned.  By the way, I would suggest that
the error code in that driver be changed to return EBUSY rather than
EPERM; that way, some lock special files could be restricted to certain
users, programs, etc -- you might not want a random user grabbing the
lock on /etc/passwd, say.

A few other comments on the lock driver:  (a) it doesn't allow for
locking of arbitrary objects, such as uucp's ttys, or individual
mailboxes; (b) it doesn't allow "read-only" access to a locked object.
That is, I may want to lock a database record to examine it.  Anyone
else should be allowed to examine it, but no one should be allowed to
modify it till I release the lock.  (c) it would be nice to be able
to sleep in the kernel on a lock request; if you want to time out, you
can use alarm() yourself; (d) does anyone know anything about the ONYX
locking code?  I understand that they have placed it in the public
domain (at least to holders of WE licenses) so that it could become
"standard".
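
An added example, not part of the original post: the descriptor leak the first paragraph describes, and the effect of marking the descriptor close-on-exec before spawning a shell. It assumes a POSIX system with /bin/sh and uses fcntl(F_SETFD, FD_CLOEXEC), the POSIX equivalent of the FIOCLEX ioctl; the function name and the use of /dev/null as the "interesting" file are illustrative.

```c
#include <fcntl.h>
#include <stdio.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Open a file as a privileged parent would, optionally mark it
 * close-on-exec, then spawn a shell the way a "!" escape does.
 * Returns 1 if the spawned shell can still use the descriptor,
 * 0 if it cannot, -1 on error. */
int child_inherits_fd(int set_cloexec)
{
    /* Stand-in for a sensitive file the setuid program holds open. */
    int fd = open("/dev/null", O_RDONLY);
    if (fd < 0)
        return -1;

    /* Same effect as ioctl(fd, FIOCLEX). New code can avoid the window
     * between open and fcntl by passing O_CLOEXEC to open() instead. */
    if (set_cloexec && fcntl(fd, F_SETFD, FD_CLOEXEC) < 0) {
        close(fd);
        return -1;
    }

    /* The redirection fails in the shell if descriptor fd is not open. */
    char cmd[64];
    snprintf(cmd, sizeof cmd, "exec 2>/dev/null; : <&%d", fd);

    pid_t pid = fork();
    if (pid < 0) {
        close(fd);
        return -1;
    }
    if (pid == 0) {
        execl("/bin/sh", "sh", "-c", cmd, (char *)NULL);
        _exit(127);                 /* exec itself failed */
    }
    int status;
    pid_t r = waitpid(pid, &status, 0);
    close(fd);
    if (r < 0 || !WIFEXITED(status) || WEXITSTATUS(status) == 127)
        return -1;
    return WEXITSTATUS(status) == 0;
}

int main(void)
{
    printf("without close-on-exec: shell can use fd = %d\n", child_inherits_fd(0));
    printf("with close-on-exec:    shell can use fd = %d\n", child_inherits_fd(1));
    return 0;
}
```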


