From: Anton Yuzhaninov
Date: Thu, 8 Sep 2016 14:45:20 -0400
Subject: Re: svn commit: r305620 - head/usr.sbin/etcupdate
To: svn-src-head@freebsd.org
Cc: Eric van Gyzen
Message-ID: <81fb0474-0b66-465d-ecc4-22d67624741a@citrin.ru>
In-Reply-To: <201609081553.u88Frnnn006304@repo.freebsd.org>

On 2016-09-08 11:53, Eric van Gyzen wrote:
>      if [ -z "$dryrun" ]; then
>          temp=$(mktemp -t etcupdate)
>          diff3 -E -m ${DESTDIR}$1 ${OLDTREE}$1 ${NEWTREE}$1 > ${temp}
> -        mv -f ${temp} ${DESTDIR}$1
> +        # Use "cat >" to preserve metadata.
> +        cat ${temp} > ${DESTDIR}$1
> +        rm -f ${temp}
>      fi

In the previous code, the file update was atomic if /tmp/ (or TMPDIR) is on the root file system. With the new code, the file update is not atomic in any case - if etcupdate is interrupted for some reason (e.g. an unexpected power failure), the destination file can be half-written or empty. If the destination file is an important system config (like /etc/rc.d/netif or /etc/rc.d/sshd), remote access to the host will be lost.

To keep the update atomic and preserve owner/mode, something like this can be used:

    eval $(stat -s ${DESTDIR}$1) # XXX possible security problem
    install -CS -m ${st_mode} -o ${st_uid} -g ${st_gid} ${temp} ${DESTDIR}$1
    rm -f ${temp}

But even with install -S, a race is still possible, because there is no fsync() in install(1).

A more reliable way to update important files:
1. write temp_file in dest dir
2. fsync temp_file
3. mv temp_file dest_file

install -S does only 1 and 3.
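
Review bot: The added `cat ${temp} > ${DESTDIR}$1` truncates the destination through the shell redirection before any merged data is written, so an interruption during the copy leaves the file empty or partial, and the following `rm -f ${temp}` runs even when `cat` failed (for example on a full file system), discarding the only copy of the merge result. Consider creating the temporary file in the destination's own directory, applying the destination's mode and owner to it, and then renaming it into place; at the very least chain the cleanup as `cat ... && rm -f ${temp}`. The expansions `${temp}` and `${DESTDIR}$1` on the added lines are also unquoted, so a path containing whitespace or glob characters would be split or expanded.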
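
The three-step update listed at the end of the message, written out in C as an added example (not code from the message, etcupdate or install(1)). The function name `atomic_replace` and the `.new.XXXXXX` temporary name are hypothetical, and the final directory fsync goes beyond the three steps listed.

```c
#define _XOPEN_SOURCE 700
#include <fcntl.h>
#include <libgen.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>
/* Hypothetical helper: replace dest with buf[0..len), keeping its mode and
 * owner. Returns 0 on success; on failure dest is left untouched. */
int atomic_replace(const char *dest, const void *buf, size_t len)
{
    struct stat st;
    char dirbuf[PATH_MAX], tmp[PATH_MAX];
    const char *p = buf, *dir;
    int fd, dfd, rc = -1;
    if (stat(dest, &st) != 0 ||
        snprintf(dirbuf, sizeof dirbuf, "%s", dest) >= (int)sizeof dirbuf)
        return -1;
    dir = dirname(dirbuf);
    /* 1. write temp_file in the destination directory (same file system) */
    if (snprintf(tmp, sizeof tmp, "%s/.new.XXXXXX", dir) >= (int)sizeof tmp ||
        (fd = mkstemp(tmp)) < 0)
        return -1;
    /* Owner first, then mode, because chown may clear set-id bits. */
    if (fchown(fd, st.st_uid, st.st_gid) != 0 || fchmod(fd, st.st_mode & 07777) != 0)
        goto out;
    while (len > 0) {
        ssize_t n = write(fd, p, len);
        if (n < 0)
            goto out;
        p += n;
        len -= (size_t)n;
    }
    /* 2. fsync temp_file, then 3. rename it over dest_file */
    if (fsync(fd) != 0 || rename(tmp, dest) != 0)
        goto out;
    rc = 0;
    /* Beyond the three steps: flush the directory so the rename is durable. */
    if ((dfd = open(dir, O_RDONLY)) >= 0) {
        fsync(dfd);
        close(dfd);
    }
out:
    close(fd);
    if (rc != 0)
        unlink(tmp);
    return rc;
}
```

Until the rename, readers see the complete old file; the temporary file stays at mkstemp's 0600 mode until the saved owner and mode are applied, before any data is written to it.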