From owner-freebsd-hackers  Sun Jun 23 17: 8:43 2002
Delivered-To: freebsd-hackers@freebsd.org
Received: from avocet.mail.pas.earthlink.net (avocet.mail.pas.earthlink.net [207.217.120.50])
	by hub.freebsd.org (Postfix) with ESMTP id 6778337B400
	for <freebsd-hackers@freebsd.org>; Sun, 23 Jun 2002 17:08:38 -0700 (PDT)
Received: from pool0336.cvx22-bradley.dialup.earthlink.net ([209.179.199.81] helo=mindspring.com)
	by avocet.mail.pas.earthlink.net with esmtp (Exim 3.33 #2)
	id 17MHOz-0007cP-00; Sun, 23 Jun 2002 17:08:18 -0700
Message-ID: <3D1662CC.FE6F6D49@mindspring.com>
Date: Sun, 23 Jun 2002 17:07:40 -0700
From: Terry Lambert <tlambert2@mindspring.com>
X-Mailer: Mozilla 4.7 [en]C-CCK-MCD {Sony}  (Win98; U)
X-Accept-Language: en
MIME-Version: 1.0
To: Paul Herman <pherman@frenchfries.net>
Cc: "Matthew D. Fuller" <fullermd@over-yonder.net>,
	"Geoffrey C. Speicher" <geoff@sea-incorporated.com>,
	freebsd-hackers@FreeBSD.ORG
Subject: Re: bug in pw, -STABLE [patch]
References: <20020623111412.V38509-100000@mammoth.eat.frenchfries.net>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-hackers@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-hackers.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-hackers>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-hackers>
X-Loop: FreeBSD.ORG

Paul Herman wrote:
> Fine, then lock them both, and use rename().  Patch attached.
> 
> In fact, if you look at fileupdate(), you see that it already gains
> an exclusive lock on the temp file, but not the original
> "/etc/master.passwd" (if you will.)  I think this is a bug, because
> the original is getting modified (at least in name space), so that
> should be locked while pw(8) is operating.
> 
> What do you think?

Don't use an exclusive open.  Use a standard lock file lock
mechanism.

The problem with your proposed patch is that it breaks the
ability to allow authentication against the database while
it is undergoing modification, which may be a prolonged period.

The correct way to deal with this is to make a hard link against
the file, verify that the link count is exactly 2, and if it's
not, back off and fail.

You are only permitted to write the file if you are the one that
made the second link.

Since both rename and link are atomic operations in the directory,
you are safe.

-- Terry

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hackers" in the body of the message