Safe rename(2)/link(2)/unlink(2).

Pawel Jakub Dawidek nick at garage.freebsd.pl
Wed Sep 3 01:32:39 PDT 2003


Hello hackers...

Some time ago I proposed secure versions of the syscalls from the subject
on IRC. I've decided to describe them here more precisely.

Now all those 3 syscalls aren't safe from a race-condition point of view.
That's for sure.
Other syscalls are implemented in two variants, for example chmod(2)
and fchmod(2).

Ok, let's go.

int funlink(int fd, const char *path);
int flink(int fd, const char *name1, const char *name2);
int frename(int fd, const char *from, const char *to);

How it all works...

In funlink(2) fd is used to compare the vnode of the opened file and the file
that should be removed. It doesn't really matter if fd represents
exactly the same file or only its hard link, because we only want
to be sure that the file wasn't removed and a new (different) file wasn't
created before our call to funlink(2).

In flink(2) and frename(2) the situation is very similar.

The only race here is:

	thread 1		thread 2

	create file 'a'
	link 'a' to 'b'
	fd = open file 'a'
				remove file 'a'
				link 'b' to 'a'
	funlink(fd, 'a')

But this isn't problematic at all, is it? :)
This operation will fail if 'thread 2' creates a new file 'a' instead of
creating a hard link to file 'b'.

Comments?

-- 
Pawel Jakub Dawidek                       pawel at dawidek.net
UNIX Systems Programmer/Administrator     http://garage.freebsd.pl
Am I Evil? Yes, I Am!                     http://cerber.sourceforge.net
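
Added example, not part of the original message and not FreeBSD code: a user-space sketch of the check funlink(2) is described as making, replayed against the two "thread 2" outcomes above. The names funlink_sketch and funlink_demo and the ESTALE error code are assumptions; the proposal performs the comparison inside the kernel, whereas this sketch still leaves a window between lstat() and unlink().

```c
#define _XOPEN_SOURCE 700
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical user-space stand-in for the proposed funlink(2).
 * The proposal does the comparison in the kernel; here a window remains
 * between lstat() and unlink(), so this only illustrates the semantics. */
int funlink_sketch(int fd, const char *path)
{
    struct stat by_fd, by_path;
    if (fstat(fd, &by_fd) == -1 || lstat(path, &by_path) == -1)
        return -1;
    /* Same device and inode: the same file or one of its hard links. */
    if (by_fd.st_dev != by_path.st_dev || by_fd.st_ino != by_path.st_ino) {
        errno = ESTALE; /* assumed errno for "path now names another file" */
        return -1;
    }
    return unlink(path);
}

/* Replays the message's scenario in a scratch directory (constructed input).
 * Returns a bitmask: 1 = hard-link swap accepted, 2 = new-file swap refused. */
int funlink_demo(void)
{
    char dir[] = "/tmp/funlink.XXXXXX", a[64], b[64];
    int fd, fd2, result = 0;

    if (mkdtemp(dir) == NULL)
        return -1;
    snprintf(a, sizeof a, "%s/a", dir);
    snprintf(b, sizeof b, "%s/b", dir);
    fd = open(a, O_CREAT | O_EXCL | O_RDWR, 0600);  /* create and open 'a' */
    if (fd == -1 || link(a, b) == -1)               /* link 'a' to 'b' */
        return -1;
    /* "thread 2": remove 'a', then link 'b' to 'a'. */
    if (unlink(a) == 0 && link(b, a) == 0 && funlink_sketch(fd, a) == 0)
        result |= 1;
    /* "thread 2" variant: 'a' is recreated as a new, different file. */
    fd2 = open(a, O_CREAT | O_EXCL | O_RDWR, 0600);
    if (fd2 != -1 && funlink_sketch(fd, a) == -1 && errno == ESTALE)
        result |= 2;
    if (fd2 != -1) close(fd2);
    close(fd); unlink(a); unlink(b); rmdir(dir);
    return result;
}
```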