From owner-freebsd-stable  Tue May 15 14:19:46 2001
Delivered-To: freebsd-stable@freebsd.org
Received: from segfault.kiev.ua (segfault.kiev.ua [193.193.193.4])
	by hub.freebsd.org (Postfix) with ESMTP
	id EBB7337B422; Tue, 15 May 2001 14:19:40 -0700 (PDT)
	(envelope-from netch@iv.nn.kiev.ua)
Received: (from uucp@localhost)
	by segfault.kiev.ua (8) with UUCP id AHN38917;
	Wed, 16 May 2001 00:19:32 +0300 (EEST)
	(envelope-from netch@iv.nn.kiev.ua)
Received: (from netch@localhost)
	by iv.nn.kiev.ua (8.11.3/8.11.3) id f4F72Bb02571;
	Tue, 15 May 2001 10:02:11 +0300 (EEST)
	(envelope-from netch)
Date: Tue, 15 May 2001 10:02:11 +0300
From: Valentin Nechayev <netch@iv.nn.kiev.ua>
To: Mike Smith <msmith@FreeBSD.ORG>
Cc: Hugh Blandford <hugh@island.net.au>, stable@FreeBSD.ORG
Subject: Re: Running Stable on remote production server
Message-ID: <20010515100211.B2230@iv.nn.kiev.ua>
References: <006c01c0dba7$f21a38c0$0bdea8c0@island.net.au> <200105132035.f4DKXtB01042@mass.dis.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <200105132035.f4DKXtB01042@mass.dis.org>; from msmith@FreeBSD.ORG on Sun, May 13, 2001 at 01:33:55PM -0700
X-42: On
Sender: owner-freebsd-stable@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

 Sun, May 13, 2001 at 13:33:55, msmith (Mike Smith) wrote about "Re: Running Stable on remote production server": 

> It's entirely unnecessary to go single-user when updating a machine; just 
> rebuild the world, optionally run mergemaster, and reboot.
> Exceptions to this rule do occur, but they're *extremely* rare.

A race condition could be during /usr/bin/install call. install
removes old file, writes new and sets permissions. If it is executable,
something calling it will fail (I saw one case). If it is data file,
something may fail with shortened-and-then-invalid data (I can imagine
even root compomise in such case;)). And something may fail after old
file was deleted already, but new file was not created yet.

With hypothetical install command which first creates new file with both
content and rights true and completed and then atomically renames it
to old one, probability of such cases can be reduced to 0.


/netch

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-stable" in the body of the message