NuxiNL/cloudabi

`sys_fd_stat_put` doesn't require `rights.fd_datasync` for setting `fdflags.dsync`


The right `rights.fd_datasync` includes "If `rights.file_open` is set, includes the right to invoke `file_open` with `fdflags.dsync`." However, if one has the `rights.fd_stat_put_flags` right, it would appear one could invoke `sys_fd_stat_put_flags` with `fdsflags.flags` to set the `fdflags.dsync` flag, which would be a way to obtain a file descriptor with `fdflags.dsync` without having `rights.fd_datasync`.

Consequently, if one wishes to withhold the ability to open files with `fdflags.dsync` set, clearing the `rights.fd_datasync` right might seem sufficient, but isn't: one must also clear the `rights.fd_stat_put_flags` right as well. It would seem more consistent to make `sys_fd_stat_put_flags` require `rights.fd_datasync` for setting `fdflags.dsync`.

Similar considerations apply to `rights.fd_sync`, `fdflags.rsync`, and `fdflags.dsync`.
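
The gap described in this issue, as an added sketch that is not CloudABI's code or part of the original report: a simplified model of the flag-update check that compares the behaviour the issue describes with the check it proposes. The bit values are constructed and the names `put_flags_current`, `put_flags_proposed` and `reaches_dsync` are hypothetical.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed bit values for this model; not CloudABI's real constants. */
enum { RIGHT_FD_DATASYNC = 1u << 0, RIGHT_FD_STAT_PUT_FLAGS = 1u << 1 };
enum { FDFLAG_APPEND = 1u << 0, FDFLAG_DSYNC = 1u << 1 };
enum { OK = 0, ERR_NOTCAPABLE = 1 };

struct model_fd { uint32_t rights, flags; };
typedef int (*put_flags_fn)(struct model_fd *, uint32_t);

/* Behaviour the issue describes: only fd_stat_put_flags is checked. */
static int put_flags_current(struct model_fd *fd, uint32_t new_flags) {
    if (!(fd->rights & RIGHT_FD_STAT_PUT_FLAGS)) return ERR_NOTCAPABLE;
    fd->flags = new_flags;
    return OK;
}

/* Check the issue proposes: turning dsync on also needs fd_datasync.
 * Assumption of this sketch: keeping or clearing an existing dsync is allowed. */
static int put_flags_proposed(struct model_fd *fd, uint32_t new_flags) {
    if (!(fd->rights & RIGHT_FD_STAT_PUT_FLAGS)) return ERR_NOTCAPABLE;
    uint32_t newly_set = new_flags & ~fd->flags;
    if ((newly_set & FDFLAG_DSYNC) && !(fd->rights & RIGHT_FD_DATASYNC))
        return ERR_NOTCAPABLE;
    fd->flags = new_flags;
    return OK;
}

/* Returns true if a holder of `rights` ends up with a dsync descriptor. */
static bool reaches_dsync(put_flags_fn put, uint32_t rights) {
    struct model_fd fd = { rights, FDFLAG_APPEND };
    return put(&fd, fd.flags | FDFLAG_DSYNC) == OK && (fd.flags & FDFLAG_DSYNC);
}

int main(void) {
    uint32_t sandboxed = RIGHT_FD_STAT_PUT_FLAGS; /* fd_datasync withheld */
    printf("current:  %d\n", reaches_dsync(put_flags_current, sandboxed));
    printf("proposed: %d\n", reaches_dsync(put_flags_proposed, sandboxed));
    return 0;
}
```

Until a check of this kind exists, a rights audit has to treat `rights.fd_stat_put_flags` as implying the ability to set `fdflags.dsync`, as the issue notes.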