Date: Wed, 13 Jun 2007 10:23:36 -0700 (PDT)
From: youshi10@u.washington.edu
To: hackers@freebsd.org
In-Reply-To: <20070613162559.GA5093@britannica.bec.de>
Subject: Re: Using shell commands versus C equivalents

On Wed, 13 Jun 2007, Joerg Sonnenberger wrote:

> On Wed, Jun 13, 2007 at 11:15:52AM -0500, Rick C. Petty wrote:
>> Another improvement made by using stat(2)/chmod(2) over chmod(1) using
>> system(3) variants is the protection against malicious filenames. The
>> original code should have used fork/execv instead anyway.
>
> To be precise, this case should use open/fstat/fchmod to avoid another
> bunch of race conditions.
>
> Joerg

Should I briefly lock (flock) the file when running open/fstat/fchmod then to avoid issues?

This may become a problem as pkg_*/make becomes more parallelized (another student's goals for his SoC project). Needless to say, pkg_* is by no means threadsafe in its current form though. It uses some global vars that are currently not mutex locked, and this type of file access is another issue (I wonder if spinlocking or sleeping waiting for flock to finish would be better in this case).

-Garrett
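
The open/fstat/fchmod sequence suggested in the quoted reply, as an added C example that is not part of the original message and is not pkg_* code. The names `fd_chmod_add` and `demo`, the `/tmp` directory and the file name are constructed for illustration.

```c
#define _XOPEN_SOURCE 700 /* expose mkdtemp, symlink, O_NOFOLLOW */
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Add `bits` to the mode of the regular file at `path`; no shell is run.
 * Returns 0 on success, -1 on failure. */
int fd_chmod_add(const char *path, mode_t bits)
{
    struct stat st;
    int rc = -1;
    /* O_NOFOLLOW: reject a symlink; O_NONBLOCK: never block on a FIFO. */
    int fd = open(path, O_RDONLY | O_NOFOLLOW | O_NONBLOCK);
    if (fd == -1)
        return -1;
    /* fstat/fchmod act on the opened inode, so replacing `path` after
     * open() cannot redirect the mode change to a different file. */
    if (fstat(fd, &st) == 0 && S_ISREG(st.st_mode))
        rc = fchmod(fd, (st.st_mode & 07777) | bits);
    close(fd);
    return rc;
}

/* Constructed demo; returns the file's final mode bits, or -1. */
int demo(int *symlink_rc)
{
    char dir[] = "/tmp/fdchmod.XXXXXX", file[64], lnk[64];
    struct stat st;
    int fd, rc;
    if (mkdtemp(dir) == NULL)
        return -1;
    snprintf(file, sizeof file, "%s/a b;c$(d)", dir); /* hostile-looking name */
    snprintf(lnk, sizeof lnk, "%s/link", dir);
    fd = open(file, O_CREAT | O_EXCL | O_WRONLY, 0600);
    if (fd == -1 || fchmod(fd, 0600) || close(fd) || symlink(file, lnk))
        return -1;
    *symlink_rc = fd_chmod_add(lnk, 0004); /* symlink: must be refused */
    rc = fd_chmod_add(file, 0040) || stat(file, &st);
    unlink(lnk); unlink(file); rmdir(dir);
    return rc == 0 ? (int)(st.st_mode & 07777) : -1;
}

int main(void)
{
    int link_rc = 0, mode = demo(&link_rc);
    printf("mode=%o symlink_rc=%d\n", (unsigned)mode, link_rc);
    return !(mode == 0640 && link_rc == -1);
}
```

Opening with `O_RDONLY` requires read permission on the file, so a caller that must handle unreadable files needs a different open mode.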