-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Wed, Mar 07, 2018 at 01:11:52PM +0100, epsilon...@tutanota.com wrote: > Tomas and Dan, thanks for the explanations. So if the process have already a > handle (file descriptor) to apple, it can continue using it, even when I > chmod 700 one of its parents. On the other hand, any new process trying to > get a handle to apple MUST traverse the directory tree. This is what I > understand. Thanks again for the explanations.
Yes, that sounds about right, perhaps with a small correction: it doesn't have to traverse the whole path from root if it has a handle to an intermediate directory: that's what the system call openat() is for. Cheers - -- tomás -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iEYEARECAAYFAlqf1/8ACgkQBcgs9XrR2kZqIQCfYYuI6+7LShtFutPaatg2wd48 CioAnRU9aCHc4ZvDE9hwllp7fCeTA653 =7+m3 -----END PGP SIGNATURE-----