This is not necessarily the current version of this TIP.
|Version:||$Revision: 1.3 $|
|Author:||Colin McCormack <colin at sharedtech dot dyndns dot org>|
|Created:||Sunday, 12 September 2004|
This tip allows the creator and opener of a channel to cast away privileges and have them restored on close, to permit last-minute processing. It is sufficient to resolve a tclvfs bug, minimal, and safe.
Tclvfs has a bug  Can't read from channel in close callback 
The problem is that the user has requested a read/only or write/only channel, but the tclvfs' close process absolutely requires fuller access to the channel. For example: a user's write-only chan has to be read by close in order to be processed. Another example: a user's read-only channel has to be initially seeded by a memchan.
This can be modelled by the opener of a channel (in this case, the tclvfs code) opening it with its required permissions and casting them away before handing them to a user, subsequently re-aquiring full channel permissions at the point where the channel needs to be closed - that is, immediately before the tclvfs' close callback is invoked.
Since the opening entity can in any case have complete access to any file it can create, and cannot successfully modify any file it couldn't have opened through the core, and because the privileges are only available to the opener, and then only at a point immediately before the tcl core is about to complete channel closing, re-escalation of privileges doesn't expose open channels to any additional risk of interference.
Immediately prior to invoking vfs close callback, tcl core should set permissions to the maximum.
This Tip was originally written to allow C code to modify permissions, but this makes the permissions system mean nothing, as a channel's permissions could then be freely modified in an ad hoc manner.
This Tip now specifies a weaker modification that is still powerful enough to