[Fontconfig] Application startup performance

Nick Alcock nick.alcock at oracle.com
Wed Jan 13 12:08:22 PST 2016

On 12 Jan 2016, u-pnrz at aetey.se stated:

> On Tue, Jan 12, 2016 at 12:14:26AM +0000, Nick Alcock wrote:
>> > As soon as there are ACLs on the file system, the mode bits are broken
>> > and plainly "wrong".
>> Also with setuid/setgid, LSMs, etc. It is generally a mistake to try to
>> interpret mode bits programmatically at all.
> Nevertheless even some widely deployed and critical programs do this.
> OpenSSH for example, without any switch to turn off the "safety net
> heuristics" when it becomes nonsense.

OpenSSH is one of the few examples where it is almost justified, because
it's trying to determine if *another user* can access the files in
question. The only way to do this 'right' would be to fork a setuid
nobody process and let it try to open the file, which seems an extremely
expensive thing to do on every connection. (Or to have a setuid nobody
persistent child of the main sshd which did the work, I suppose -- but
even *that* might be fooled by networked filesystems, which might deny
access to the checking process running on *this* machine but allow it to
other users. Mind you, the current implementation falls into this trap
anyway: ACLs, as you mention... anyway, this is all more or less off
topic on this list.)

NULL && (void)
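
The two approaches contrasted in the message above, as an added example that is not part of the original post and is not OpenSSH's code: a mode-bit heuristic next to a forked child that takes on the other uid and attempts the open() for real. The function names are hypothetical, the probe can only change uid when the caller is root, and, as the message notes, a local probe can still disagree with what a networked filesystem grants elsewhere.

```c
#define _DEFAULT_SOURCE /* for setgroups() on glibc */
#include <fcntl.h>
#include <grp.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Heuristic: 1 if the mode bits grant group or other write, 0 if not,
 * -1 if stat() fails. It cannot see ACLs, LSM policy or the server-side
 * rules of a networked filesystem. */
int mode_bits_allow_foreign_write(const char *path)
{
    struct stat st;
    if (stat(path, &st) != 0)
        return -1;
    return (st.st_mode & (S_IWGRP | S_IWOTH)) != 0;
}

/* Probe: fork, become uid/gid in the child and try the open() itself.
 * Returns 1 if the open succeeded, 0 if it was denied, -1 if the probe
 * could not run (for example the caller is not root). */
int probe_open_as(uid_t uid, gid_t gid, const char *path, int flags)
{
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        /* Drop supplementary groups, then gid, then uid, in that order;
         * once the uid is gone the other two calls would fail. */
        if (setgroups(0, NULL) != 0 || setgid(gid) != 0 || setuid(uid) != 0)
            _exit(2);
        /* O_NONBLOCK keeps the probe from hanging on a FIFO. */
        int fd = open(path, flags | O_NOCTTY | O_NONBLOCK);
        if (fd < 0)
            _exit(1);
        close(fd);
        _exit(0);
    }
    int status;
    if (waitpid(pid, &status, 0) != pid || !WIFEXITED(status))
        return -1;
    switch (WEXITSTATUS(status)) {
    case 0:  return 1;   /* kernel let the other user in */
    case 1:  return 0;   /* kernel refused the open */
    default: return -1;  /* privilege drop failed, no answer */
    }
}
```

The probe costs a fork per check, which is the expense the message refers to for a per-connection test.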

