 | This articleneeds additional citations forverification. Please helpimprove this article byadding citations to reliable sources. Unsourced material may be challenged and removed. Find sources: "Handle" computing – news ·newspapers ·books ·scholar ·JSTOR(April 2014) (Learn how and when to remove this message) |
Incomputer programming, ahandle is an abstractreference to aresource that is used whenapplication software referencesblocks ofmemory or objects that are managed by another system like adatabase or anoperating system.
A resource handle can be anopaqueidentifier, in which case it is often aninteger number (often anarray index in an array or "table" that is used to manage that type of resource), or it can be apointer that allows access to further information. Common resource handles includefile descriptors,network sockets,database connections,process identifiers (PIDs), andjob IDs. PIDs and job IDs are explicitly visible integers; while file descriptors and sockets (which are often implemented as a form of file descriptor) are represented as integers, they are typically considered opaque. In traditional implementations, file descriptors are indices into a (per-process)file descriptor table, thence a (system-wide)file table.
While apointer contains theaddress of the item to which it refers, a handle is anabstraction of a reference which is managed externally; its opacity allows the referent to be relocated in memory by the system without invalidating the handle, making it similar tovirtual memory for pointers, but even more abstracted. Similarly, the extra layer ofindirection also increases the control that the managing system has over the operations performed on the referent. Typically the handle is an index or a pointer into a global array oftombstones.
Ahandle leak is a type ofsoftware bug that occurs when a computer program does not free a handle that it previously allocated. This is a form ofresource leak, analogous to amemory leak for previously allocated memory.
Insecure computing terms, because access to a resource via a handle is mediated by another system, a handle functions as acapability: it not only identifies an object, but also associatesaccess rights. For example, while a filename is forgeable (it is just a guessable identifier), a handle isgiven to a user by an external system, and thus represents not just identity, but alsogranted access.
For example, if a program wishes to read the system password file (/etc/passwd) in read/write mode (O_RDWR), it could try to open the file via the following call:
intfd=open("/etc/passwd",O_RDWR);
This call asks the operating system to open the specified file with the specified access rights. If the OS allows this, then it opens the file (creates an entry in the per-processfile descriptor table) and returns a handle (file descriptor, index into this table) to the user: the actual access is controlled by the OS, and the handle is atoken of that. Conversely, the OS may deny access, and thus neither open the file nor return a handle.
In a capability-based system, handles can be passed between processes, with associated access rights. Note that in these cases the handle must be something other than a systemwide-unique small integer, otherwise it is forgeable. Such an integer may nevertheless be used to identify a capability inside a process; e.g., file descriptor in Linux is unforgeable because its numerical value alone is meaningless, and only in the process context may refer to anything. Transferring such a handle requires special care though, as its value often has to be different in the sending and receiving processes.
In non-capability-based systems, on the other hand, each process must acquire its own separate handle, by specifying the identity of the resource and the desired access rights (e.g., each process must open a file itself, by giving the filename and access mode). Such usage is more common even in modern systems that do support passing handles, but it is subject to vulnerabilities like theconfused deputy problem.
Handles were a popular solution tomemory management in operating systems of the 1990s, such asMac OS[1] andWindows. The FILE data structure in theC standard I/O library is afile handle, abstracting from the underlying file representation (onUnix these arefile descriptors). Like otherdesktop environments, theWindows API heavily uses handles to represent objects in the system and to provide a communication pathway between the operating system anduser space. For example, a window on thedesktop is represented by a handle of typeHWND (handle, window).
Doubly indirect handles (where the handle is not necessarily a pointer but might be, for example, an integer) have fallen out of favor in recent times, as increases in available memory and improvedvirtual memory algorithms have made the use of the simpler pointer more attractive. However, many operating systems still apply the term to pointers to opaque, "private"data structures—opaque pointers—or to indexes into internal arrays passed from oneprocess to itsclient.