File Directory StructureKFT

            The Known Files Table is used to add a level of protection to the system. The AFT by itself doesn't protect against a malicious user. For example, suppose that user U said


            fp = fopen("U/X/Y","w");


and then did the following?



This is legal and works (I tested it), and increments the file pointer to the next file in the file table. However, the next file in the file table can be someone else's file!

            The KFT provides a way to ensure that the user cannot gain access to another user's file in this manner. There is one KFT per user. The KFT is an intermediate table between the AFT and the user. When user U opens a file, the file pointer (entry in the AFT) is not returned directly to user U. Instead, the file pointer is placed into user U's KFT, and a pointer to the entry in user U's KFT is returned to user U. This way, if user U executes fp++, the resulting file pointer will still point to one of user U's files, rather than to someone else's file.

                  User U's KFT

            row entry in AFT




















            pointer 1 returned to user U row contents

























            The KFT also contains the user's access rights to the file. Suppose the access rights in the AFT are

 rwx/r_ x/r_ _

This means that the owner can read, write and execute the file, the owner's group can read and execute it, but not write to it, and everyone else can only read it. If user U is the owner, then user U's KFT will contain only user U's rights:


This way, the system can check whether a request to read, write or execute the file is legal, at the KFT level, without ever going to the AFT.

            The KFT also contains a lock entry. This lock is different from the lock entry in the AFT:

The lock entry in the AFT indicates whether or not the file is locked. There is another entry in the AFT that is a queue of processes waiting to use the file while it is locked.

The lock entry in the KFT indicates whether the user has the privilege of locking the file (this is a privilege you pay for). If the user asks to write to the file with the lock, the system can check right at the KFT level whether the user is allowed to lock the file. If the user has the right to lock, the request will be allowed; otherwise, it will be stopped.

The AFT is for synchronization; the KFT is for protection.