From owner-freebsd-hackers@FreeBSD.ORG  Wed Jun 13 17:23:37 2007
Return-Path: <owner-freebsd-hackers@FreeBSD.ORG>
X-Original-To: hackers@freebsd.org
Delivered-To: freebsd-hackers@FreeBSD.ORG
Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52])
	by hub.freebsd.org (Postfix) with ESMTP id 3853D16A468
	for <hackers@freebsd.org>; Wed, 13 Jun 2007 17:23:37 +0000 (UTC)
	(envelope-from youshi10@u.washington.edu)
Received: from mxout1.cac.washington.edu (mxout1.cac.washington.edu
	[140.142.32.134])
	by mx1.freebsd.org (Postfix) with ESMTP id 1985E13C48A
	for <hackers@freebsd.org>; Wed, 13 Jun 2007 17:23:37 +0000 (UTC)
	(envelope-from youshi10@u.washington.edu)
Received: from hymn01.u.washington.edu (hymn01.u.washington.edu [140.142.8.55])
	by mxout1.cac.washington.edu (8.13.7+UW06.06/8.13.7+UW07.05) with ESMTP
	id l5DHNaDp005403
	(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO)
	for <hackers@freebsd.org>; Wed, 13 Jun 2007 10:23:36 -0700
Received: from localhost (localhost [127.0.0.1])
	by hymn01.u.washington.edu (8.13.7+UW06.06/8.13.7+UW07.03) with ESMTP
	id l5DHNaxE004704
	for <hackers@freebsd.org>; Wed, 13 Jun 2007 10:23:36 -0700
X-Auth-Received: from [192.55.52.2] by hymn01.u.washington.edu via HTTP;
	Wed, 13 Jun 2007 10:23:36 PDT
Date: Wed, 13 Jun 2007 10:23:36 -0700 (PDT)
From: youshi10@u.washington.edu
To: hackers@freebsd.org
In-Reply-To: <20070613162559.GA5093@britannica.bec.de>
Message-ID: <Pine.LNX.4.43.0706131023360.25469@hymn01.u.washington.edu>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed
X-PMX-Version: 5.3.1.294258, Antispam-Engine: 2.5.1.298604,
	Antispam-Data: 2007.6.13.100033
X-Uwash-Spam: Gauge=IIIIIII, Probability=7%, Report='SUPERLONG_LINE 0.05,
	NO_REAL_NAME 0, __CT 0, __CT_TEXT_PLAIN 0, __HAS_MSGID 0,
	__MIME_TEXT_ONLY 0, __MIME_VERSION 0, __SANE_MSGID 0'
Cc: 
Subject: Re: Using shell commands versus C equivalents
X-BeenThere: freebsd-hackers@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Technical Discussions relating to FreeBSD
	<freebsd-hackers.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-hackers>, 
	<mailto:freebsd-hackers-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-hackers>
List-Post: <mailto:freebsd-hackers@freebsd.org>
List-Help: <mailto:freebsd-hackers-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-hackers>,
	<mailto:freebsd-hackers-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 13 Jun 2007 17:23:37 -0000

On Wed, 13 Jun 2007, Joerg Sonnenberger wrote:

> On Wed, Jun 13, 2007 at 11:15:52AM -0500, Rick C. Petty wrote:
>> Another improvement made by using stat(2)/chmod(2) over chmod(1) using
>> system(3) variants is the protection against malicious filenames.  The
>> original code should have used fork/execv instead anyway.
>
> To be precise, this case should use open/fstat/fchmod to avoid another
> bunch of race conditions.
>
> Joerg

Should I briefly lock (flock) the file when running open/fstat/fchmod then to avoid issues? This may become a problem as pkg_*/make becomes more parallelized (another student's goals for his SoC project).

Needless to say, pkg_* is by no means threadsafe in its current form though. It uses some global vars that are currently not mutex locked, and this type of file access is another issue (I wonder if spinlocking or sleeping waiting for flock to finish would be better in this case).

-Garrett