From: Pawel Jakub Dawidek
To: freebsd-hackers@freebsd.org
Date: Wed, 3 Sep 2003 10:34:39 +0200
Subject: Safe rename(2)/link(2)/unlink(2).
Message-ID: <20030903083439.GA47959@garage.freebsd.pl>

Hello hackers...

Some time ago I proposed secure versions of the syscalls from the subject on IRC. I've decided to describe them here more precisely.

Now all those 3 syscalls aren't safe from a race-condition point of view. That's for sure.

Other syscalls are implemented in two variants, for example chmod(2) and fchmod(2).

Ok, let's go.

    int funlink(int fd, const char *path);
    int flink(int fd, const char *name1, const char *name2);
    int frename(int fd, const char *from, const char *to);

How it all works...
In funlink(2), fd is used to compare the vnode of the opened file with the file that should be removed. It doesn't really matter if fd represents exactly the same file or only its hard link, because we only want to be sure that the file wasn't removed and a new (different) file wasn't created before our call to funlink(2).

In flink(2) and frename(2) the situation is very similar.

The only race here is:

    thread 1 thread 2 create file 'a' link 'a' to 'b' fd = open file 'a' remove file 'a' link 'b' to 'a' funlink(fd, 'a')

But this isn't problematic at all, is it? :)
This operation will fail if 'thread 2' creates a new file 'a' instead of creating a hard link to file 'b'.

Comments?

--
Pawel Jakub Dawidek
pawel@dawidek.net
UNIX Systems Programmer/Administrator
http://garage.freebsd.pl
Am I Evil? Yes, I Am!
http://cerber.sourceforge.net
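The comparison described in the message, as an added example (not code from the original post or from FreeBSD): a userland stand-in for the proposed funlink(2) that compares device and inode numbers from fstat(2) and lstat(2), then replays the post's sequence of steps single-threaded. The names `funlink_emul` and `run_scenario` are hypothetical, and unlike the proposed syscall this emulation cannot make the check and the removal atomic.

```c
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical userland stand-in for the proposed funlink(fd, path):
 * remove path only if it still names the file that fd has open. */
int funlink_emul(int fd, const char *path)
{
    struct stat by_fd, by_path;
    if (fstat(fd, &by_fd) == -1 || lstat(path, &by_path) == -1)
        return -1;
    if (by_fd.st_dev != by_path.st_dev || by_fd.st_ino != by_path.st_ino)
        return -1; /* path now names a different file: refuse */
    /* Still a window before unlink(); a real funlink(2) would be atomic. */
    return unlink(path);
}

/* Replays the post's steps in a constructed scratch directory. relink != 0:
 * 'a' returns as a hard link to 'b'; else as a new file. -2 = setup failed. */
int run_scenario(int relink)
{
    char dir[] = "/tmp/funlink-XXXXXX";
    int fd, r, rc;
    if (mkdtemp(dir) == NULL || chdir(dir) == -1)
        return -2;
    fd = open("a", O_CREAT | O_EXCL | O_RDWR, 0600); /* create + open 'a' */
    if (fd == -1 || link("a", "b") == -1 || unlink("a") == -1)
        return -2;
    r = relink ? link("b", "a") : open("a", O_CREAT | O_EXCL | O_WRONLY, 0600);
    if (r == -1)
        return -2;
    if (!relink)
        close(r);
    rc = funlink_emul(fd, "a");
    close(fd);
    unlink("a");
    unlink("b");
    if (chdir("/") == -1 || rmdir(dir) == -1)
        return -2;
    return rc;
}

int main(void)
{
    printf("relinked: %d, new file: %d\n", run_scenario(1), run_scenario(0));
    return 0;
}
```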