On Sat, Apr 30, 2022 at 3:48 PM Jason A. Donenfeld <ja...@zx2c4.com> wrote:
> On Sat, Apr 30, 2022 at 3:12 PM Denys Vlasenko <vda.li...@googlemail.com> wrote:
> > > @@ -190,6 +192,8 @@ int seedrng_main(int argc UNUSED_PARAM, char *argv[])
> > >         if (mkdir(seed_dir, 0700) < 0 && errno != EEXIST)
> > >                 bb_perror_msg_and_die("can't %s seed directory", 
> > > "create");
> > >         dfd = open(seed_dir, O_DIRECTORY | O_RDONLY);
> > > +       /* The flock() here is absolutely necessary, as the consistency 
> > > of this
> > > +        * program breaks down with concurrent uses. */
> > >         if (dfd < 0 || flock(dfd, LOCK_EX) < 0)
> > >                 bb_perror_msg_and_die("can't %s seed directory", "lock");
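Review bot: The new comment above the flock() call says the lock is "absolutely necessary" but not which operations it serializes, so a later reader cannot tell what a replacement scheme would have to preserve. Suggest naming the sequence that must not interleave between two invocations, and stating that the lock is taken on the seed directory fd (dfd) rather than on an individual seed file. Separately, in the context line `if (dfd < 0 || flock(dfd, LOCK_EX) < 0)`, a failed open() is reported as "can't lock seed directory"; splitting the two checks would give an accurate message for each failure.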
> >
> > The locking is notoriously not reliable across networked filesystems,
> > and people often find more reliable ways to ensure safety wrt concurrency.
> >
> > E.g. renaming the file before use (rename is atomic even on NFS).
> >
> > Or, for example, what if we open /var/lib/seedrng/seed.credit,
> > then try to unlink it. If unlink fails with ENOENT, this means we have
> > a concurrent user. Thus, we bail out with an error message.
> > Would this work?
>
> No, because a concurrent user might have replaced seed.credit at just
> the wrong moment:
>
> readfile()
>                        readfile()
> unlink() = success
> createnewseed()
>                        unlink() = success

I see. Thank you.
_______________________________________________
busybox mailing list
busybox@busybox.net
http://lists.busybox.net/mailman/listinfo/busybox
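The interleaving Jason describes in the thread, replayed with real syscalls as an added example (not code from the thread or from BusyBox). The two users A and B are hypothetical and are stepped through in one process so the ordering is deterministic; the seed contents and temporary directory are constructed.

```c
#define _DEFAULT_SOURCE 1   /* for mkdtemp() */
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

struct race_result {
    int a_unlink_ok;       /* A's unlink() returned 0 */
    int b_unlink_ok;       /* B's unlink() returned 0, so B never sees ENOENT */
    int same_seed_read;    /* A and B both consumed the same seed bytes */
    int new_seed_survives; /* A's replacement seed still exists at the end */
};

static ssize_t read_seed(const char *path, char *buf, size_t len)
{
    int fd = open(path, O_RDONLY);
    ssize_t n = fd < 0 ? -1 : read(fd, buf, len);
    if (fd >= 0) close(fd);
    return n;
}
static int write_seed(const char *path, const char *data)
{
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL, 0400);
    ssize_t n = fd < 0 ? -1 : write(fd, data, strlen(data));
    if (fd >= 0) close(fd);
    return n == (ssize_t)strlen(data) ? 0 : -1;
}

/* Two hypothetical users, A and B, interleaved in one process for determinism. */
struct race_result replay_unlink_race(void)
{
    struct race_result r = {0, 0, 0, 0};
    char dir[] = "/tmp/seedrng-race-XXXXXX", path[64], a[32], b[32];
    if (!mkdtemp(dir)) return r;
    snprintf(path, sizeof(path), "%s/seed.credit", dir);
    write_seed(path, "OLD-SEED");                    /* constructed sample seed */
    ssize_t na = read_seed(path, a, sizeof(a));      /* A: readfile() */
    ssize_t nb = read_seed(path, b, sizeof(b));      /* B: readfile() */
    r.a_unlink_ok = unlink(path) == 0;               /* A: unlink() = success */
    write_seed(path, "NEW-SEED");                    /* A: createnewseed() */
    r.b_unlink_ok = unlink(path) == 0;               /* B: unlink() = success */
    r.same_seed_read = na > 0 && na == nb && memcmp(a, b, (size_t)na) == 0;
    r.new_seed_survives = access(path, F_OK) == 0;
    rmdir(dir);
    return r;
}

int main(void)
{
    struct race_result r = replay_unlink_race();
    printf("A unlink=%d B unlink=%d same seed=%d new seed survives=%d\n",
           r.a_unlink_ok, r.b_unlink_ok, r.same_seed_read, r.new_seed_survives);
}
```

Both unlink() calls succeed, so B gets no ENOENT signal even though it consumed the same old seed as A, and B's unlink() removes the seed A just wrote.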
