link(2) to rename files in sftp

Ben Lindstrom mouring at etoh.eviladmin.org
Tue Apr 6 23:34:40 EST 2004


In a single word.. "yes".  Your code is no better than stat()+rename().
Someone can STILL replace the file from under you, which is the race
condition we are trying to avoid.

- Ben

On Tue, 6 Apr 2004, Dan Yefimov wrote:

> On Tue, 6 Apr 2004, Darren Tucker wrote:
>
> > Carson Gaspar wrote:
> >
> > > --On Tuesday, April 06, 2004 09:24:31 +1000 Darren Tucker
> > >
> > >> According to the CVS log, the link shuffle is used to "fix races in
> > >> rename/symlink" (revs 1.46 and 1.44).
> > >
> > > If rename() has a race condition, the OS is broken. Plain and simple.
> >
> > The original code for rename looked like the following:
> >      if (stat(newpath, &st) == -1) {
> >          ret = rename(oldpath, newpath);
> >          status = (ret == -1) ? errno_to_portable(errno) : SSH2_FX_OK;
> >      }
> >
> > The idea is obviously to not clobber existing files, but the
> > implementation is racy (hence the change, I guess).
> >
> > I have no idea how to implement that portably for filesystems without
> > Unix semantics without the race.
> >
> Maybe the following code could be used:
>
> 	if ((ret = open(newpath, O_WRONLY|O_CREAT|O_EXCL, S_IRUSR)) != -1) {
> 		close(ret);
> 		ret = rename(oldpath, newpath);
> 		status = (ret == -1) ? errno_to_portable(errno) : SSH2_FX_OK;
> 	}
>
> Of course, someone could modify the temporary file's mode and write something
> into it between the calls to open() and rename(), but does somebody really care
> about that case?
> --
>
>     Sincerely Your, Dan.
>
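The link()-then-unlink() sequence this thread refers to as the "link shuffle", written out as an added example (not code from these messages or from the OpenSSH source): link() fails with EEXIST if the target name exists, so the existence check and the creation happen in one step. The names rename_noclobber, put and demo and the /tmp path are hypothetical, and the approach assumes a filesystem with hard links and both paths on that filesystem.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper (not from sftp-server): move oldpath to newpath
 * without clobbering. link() tests for newpath and creates it in one
 * atomic step, so no window exists between the check and the create. */
int rename_noclobber(const char *oldpath, const char *newpath)
{
    if (link(oldpath, newpath) == -1)
        return -1;              /* errno is EEXIST if newpath exists */
    if (unlink(oldpath) == -1) {
        int saved = errno;
        unlink(newpath);        /* roll back: leave only the old name */
        errno = saved;
        return -1;
    }
    return 0;
}

/* Create an empty constructed sample file; returns 0 on success. */
static int put(const char *path)
{
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL, 0600);
    return fd == -1 ? -1 : close(fd);
}

/* Returns 0 when an existing target is refused with EEXIST and a free
 * target is taken. Works in a private directory under /tmp. */
int demo(void)
{
    char dir[64], a[80], b[80], c[80];
    snprintf(dir, sizeof dir, "/tmp/noclobber.%ld", (long)getpid());
    if (mkdir(dir, 0700) == -1)
        return -1;
    snprintf(a, sizeof a, "%s/a", dir);
    snprintf(b, sizeof b, "%s/b", dir);
    snprintf(c, sizeof c, "%s/c", dir);
    if (put(a) == -1 || put(b) == -1)
        return -1;
    int refused = rename_noclobber(a, b) == -1 && errno == EEXIST;
    int moved = rename_noclobber(a, c) == 0 && access(a, F_OK) == -1;
    unlink(a); unlink(b); unlink(c); rmdir(dir);
    return (refused && moved) ? 0 : 1;
}

int main(void) { return demo(); }
```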



