link(2) to rename files in sftp
Ben Lindstrom
mouring at etoh.eviladmin.org
Tue Apr 6 23:34:40 EST 2004
In a single word... "yes". Your code is no better than stat()+rename().
Someone can STILL replace the file from under you, which is the race
condition we are trying to avoid.
- Ben
On Tue, 6 Apr 2004, Dan Yefimov wrote:
> On Tue, 6 Apr 2004, Darren Tucker wrote:
>
> > Carson Gaspar wrote:
> >
> > > --On Tuesday, April 06, 2004 09:24:31 +1000 Darren Tucker
> > >
> > >> According to the CVS log, the link shuffle is used to "fix races in
> > >> rename/symlink" (revs 1.46 and 1.44).
> > >
> > > If rename() has a race condition, the OS is broken. Plain and simple.
> >
> > The original code for rename looked like the following:
> > if (stat(newpath, &st) == -1) {
> >         ret = rename(oldpath, newpath);
> >         status = (ret == -1) ? errno_to_portable(errno) : SSH2_FX_OK;
> > }
> >
> > The idea is obviously to not clobber existing files, but the
> > implementation is racy (hence the change, I guess).
> >
> > I have no idea how to implement that portably for filesystems without
> > Unix semantics without the race.
> >
> Maybe the following code could be used:
>
> if ((ret = open(newpath, O_WRONLY|O_CREAT|O_EXCL, S_IRUSR)) != -1) {
>         close(ret);
>         ret = rename(oldpath, newpath);
>         status = (ret == -1) ? errno_to_portable(errno) : SSH2_FX_OK;
> }
>
> Of course, someone could modify the temporary file's mode and write something
> into it between the calls to open() and rename(), but does somebody really care
> about that case?
> --
>
> Sincerely Yours, Dan.
>
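The window in the quoted stat()+rename() code, replayed in a single process next to the link(2) shuffle the thread is about. This is an added example, not code from the thread or from OpenSSH; `put`, `rename_noclobber` and `replay_window` are hypothetical names, the interleaving is constructed, and the filesystem is assumed to support hard links.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Create a file holding text; stands in for any process writing the path. */
static int put(const char *path, const char *text)
{
    FILE *f = fopen(path, "w");
    return f == NULL ? -1 : (fputs(text, f), fclose(f));
}

/* No-clobber rename: link() fails with EEXIST, atomically, if newpath exists. */
int rename_noclobber(const char *oldpath, const char *newpath)
{
    if (link(oldpath, newpath) == -1)
        return -1;                  /* nothing was changed */
    if (unlink(oldpath) == -1) {
        int saved = errno;
        unlink(newpath);            /* roll back the spare link */
        errno = saved;
        return -1;
    }
    return 0;
}

/* Replays the check-then-act window; the put("new") after the check stands in
 * for another process. Returns the size at "new": 1 = survived, 2 = clobbered. */
int replay_window(int use_link)
{
    char dir[] = "/tmp/noclobberXXXXXX";
    struct stat st;
    if (mkdtemp(dir) == NULL || chdir(dir) == -1 || put("old", "AA") == -1)
        return -1;
    if (stat("new", &st) == -1) {           /* check: "new" is absent */
        put("new", "B");                    /* other party creates it */
        if (use_link)
            rename_noclobber("old", "new"); /* refused with EEXIST */
        else
            rename("old", "new");           /* silently replaces "new" */
    }
    return stat("new", &st) == -1 ? -1 : (int)st.st_size;
}

int main(void)
{
    printf("stat+rename: %d, link: %d\n", replay_window(0), replay_window(1));
    return 0;
}
```

The link() call performs the existence check and the creation of the new name in one step, so no interval is left in which another process can create the target.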