POSIXLY SECURE OPEN AND ACCESS FILES BY INODE NUMBER
First Claim
1. A method comprising:
- receiving, by a process executed by a processor, a request for a ticket for traversing a file system;
generating, by the process, a secure key for a unique handle object based on the request for the ticket;
generating an authentication code for the ticket using a numeric file identifier and the secure key;
in response to reading a directory with POSIX x and r permissions according to directory permission bits or an access control list (ACL), returning the ticket including ticket information comprising the numeric file identifier, generation information and the authentication code;
in response to a request to open a directory, validating the ticket information based on the secure key; and
opening a directory for reading using the validated ticket information and the unique handle.
1 Assignment
0 Petitions
Accused Products
Abstract
A method for secure portable operating system interface (POSIX) directory traversing for opening and accessing files by inode number. The method includes receiving, by a process executed by a processor, a request for a ticket for traversing a file system. The process generates a secure key for a unique handle object based on the request for the ticket. An authentication code is generated for the ticket using a numeric file identifier and the secure key. In response to reading a directory with POSIX x and r permissions according to directory permission bits or an access control list (ACL), the ticket is returned including ticket information including the numeric file identifier, generation information and the authentication code. In response to a request to open a directory, the ticket information is validated based on the secure key. A directory is opened for reading using the validated ticket information and the unique handle.
14 Citations
20 Claims
-
1. A method comprising:
-
receiving, by a process executed by a processor, a request for a ticket for traversing a file system; generating, by the process, a secure key for a unique handle object based on the request for the ticket; generating an authentication code for the ticket using a numeric file identifier and the secure key; in response to reading a directory with POSIX x and r permissions according to directory permission bits or an access control list (ACL), returning the ticket including ticket information comprising the numeric file identifier, generation information and the authentication code; in response to a request to open a directory, validating the ticket information based on the secure key; and opening a directory for reading using the validated ticket information and the unique handle. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
-
-
9. A computer program product for secure portable operating system interface (POSIX) directory traversing for opening and accessing files by inode number, the computer program product comprising a computer readable storage medium having program instructions embodied therewith, the program instructions executable by a processor to cause the processor to:
-
receive, by the processor, a request for a ticket for traversing a file system; generate, by the processor, a secure key for a unique handle object based on the request for the ticket; generate, by the processor, an authentication code for the ticket using a numeric file identifier and the secure key; in response to reading a directory with POSIX x and r permissions according to directory permission bits or an access control list (ACL), return, by the processor, the ticket including ticket information comprising the numeric file identifier, generation information and the authentication code; in response to a request to open a directory, validate, by the processor, the ticket information based on the secure key; and open, by the processor, a directory for reading using the validated ticket information and the unique handle. - View Dependent Claims (10, 11, 12, 13, 14, 15)
-
-
16. An apparatus comprising:
-
a ticket processor configured to receive a request for a ticket for traversing a file system; a cryptographic processor configured to generate a secure key for a unique handle object based on the request for the ticket, and to generate an authentication code for the ticket using a numeric file identifier and the secure key; the ticket processor further configured to return the ticket including ticket information in response to a request to read a directory with POSIX x and r permissions according to directory permission bits or an access control list (ACL), wherein the ticket information comprises the numeric file identifier, generation information and the authentication code; and a validation processor configured to validate the ticket information based on the secure key in response to a request to open a directory; wherein a directory of the file system is opened for reading using the validated ticket information and the unique handle. - View Dependent Claims (17, 18, 19, 20)
-
Specification