This is beautiful and I've never thought about this before:
the convention we have in Unix to pass pre-opened stdin/stdout/stderr fds is not just a nice way to tell the program where to read its input from and output its result/logs to; it is exactly how capability passing should work in a capability-based system. This also is another reason why accepting an -o option (for "output file") is a bad idea.
Also, this is how socket activation works. systemd (or launchd, or inetd, or what have you) listens on a port or a Unix socket — because, being root, it has rights to. Then it passes a capability — either the bound socket fd, or an individual connection fd — when starting your service. Your service then doesn't have to be privileged, because it doesn't need to be able to open/bind the port/socket.
@bugaevc Got a link?
@bugaevc there was a problem with your link: http://waterken.sourceforge.net/aclsdont/current.pdf worked
@ConnyDuck @Tusky copy a link from some other toot (in this case it was from https://mastodon.technology/@bugaevc/101952678770861956) by long-pressing on it and paste it into a new toot
@xj9 yes; launchd even does this for Mach services. But that's not any news, what is news to me is the realization that this is basically capability passing!
This Mastodon instance is for people interested in technology. Discussions aren't limited to technology, because tech folks shouldn't be limited to technology either! We adhere to an adapted version of the TootCat Code of Conduct and follow the Toot Café list of blocked instances. Ash is the admin and is supported by Fuzzface, Brian!, and Daniel Glus as moderators. Hosting costs are largely covered by our generous supporters on Patreon – thanks for all the help!