[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: side note to ppfChdir

Christian Reiniger wrote:

> > As I understand, relative paths are a bit faster because the current
> > working directory is already parsed and all... Removing the chdir()
> Not only that. The system also starts searching directly at the current
> working dir.

This is a *very* minor optimization. I think the side-effect problem
outweights this. I am not sure the system does starts searching directly
at the current working dir, see later on...

Quadra currently does a chdir() because of dumb Win32 legacy stuff too
twisted to fix easily. On the list of Bad Things for our next project is
chdir() (among others!).

Libraries should aim to be as side-effect-free as possible, shouldn't

> > optimization is unwelcome anyway, as it doesn't apply security at every
> > access. But we might also not care for applying security at every
> > access.
> What do you mean with security?

If you cache the open file descriptor to the pak file, you're losing
Unix security semantics (which you might not care much about, as many
other systems already lose some semantics, like NFS does with file
opening semantics) in the simulated file system inside the pak file.

What I mean is that when you open a file, even with a relative path, the
system checks your access right to every directory starting with the
root (thus the system actually starting searching at the root, not
directly in the current working directory).

Do this test. Create a directory, go in there and create a file named
"foo" with a bit of text in it. As your cwd is in there, you can do "cat
foo" and get the content. If you open another terminal window, go to the
directory right upward of it and do a "chmod 0" of the directory
(removing all rights), go back to your other terminal window (which has
its pwd inside the directory), "cat foo" won't work anymore, even if you
still have read right for that file, because you do not have the right
to be there in the first place. This proves that the system starts at
the root (or, actually, start higher, feel free to add directories and
experiment further).

But the system only checks rights at file opening time. If you cache the
open fd to the file, security won't be checked again, unless you do it

To tell you frankly, I think game developers do not care. If the user
had the right to open the file once, that's enough for me anyway. But
the fact that chdir() has nasty side-effects and that it doesn't
actually help performance (and even if it did, it would be so marginal)
just tell me you should ditch that.

Pierre Phaneuf