Hello hackers...

Some time ago I proposed secure versions of the syscalls from the subject
on IRC. I've decided to describe them here more precisely.

Now all those 3 syscalls aren't safe from a race-condition point of view.
That's for sure.
Other syscalls are implemented in two variants, for example chmod(2)
and fchmod(2).

Ok, let's go.

int funlink(int fd, const char *path);
int flink(int fd, const char *name1, const char *name2);
int frename(int fd, const char *from, const char *to);

How it all works...

In funlink(2), fd is used to compare the vnode of the opened file and the
file that should be removed. It doesn't really matter if fd represents
exactly the same file or only its hard link, because we only want
to be sure that the file wasn't removed and a new (different) file wasn't
created before our call to funlink(2).

In flink(2) and frename(2) the situation is very similar.

The only race here is:

        thread 1                thread 2

        create file 'a'
        link 'a' to 'b'
        fd = open file 'a'
                                remove file 'a'
                                link 'b' to 'a'
        funlink(fd, 'a')

But this isn't problematic at all, is it? :)
This operation will fail if 'thread 2' creates a new file 'a' instead of
creating a hard link to file 'b'.

Comments?

-- 
Pawel Jakub Dawidek                       [EMAIL PROTECTED]
UNIX Systems Programmer/Administrator     http://garage.freebsd.pl
Am I Evil? Yes, I Am!                     http://cerber.sourceforge.net
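
The vnode comparison described for funlink(2), as an added example that is not part of the original post: a userspace approximation in C, replayed over the post's thread 1 / thread 2 timeline. The names funlink_emul, touch and replay, the temp directory and the ESTALE error code are assumptions made for this example.

```c
#define _XOPEN_SOURCE 700
#include <errno.h>
#include <fcntl.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Userspace approximation of the proposed funlink(fd, path): remove path only
 * if it names the same vnode (device + inode) as fd. Unlike a real syscall, a
 * window remains between lstat() and unlink(); this shows the check only. */
int funlink_emul(int fd, const char *path)
{
    struct stat by_fd, by_path;
    if (fstat(fd, &by_fd) == -1 || lstat(path, &by_path) == -1)
        return -1;
    if (by_fd.st_dev != by_path.st_dev || by_fd.st_ino != by_path.st_ino) {
        errno = ESTALE;  /* assumed error code; the post does not name one */
        return -1;
    }
    return unlink(path);
}

static int touch(const char *p)  /* create an empty file; 0 on success */
{
    int fd = open(p, O_CREAT | O_EXCL | O_WRONLY, 0600);
    return fd == -1 ? -1 : close(fd);
}

/* Replay the post's timeline in a constructed temp directory.
 * relink != 0: thread 2 re-creates 'a' as a hard link to 'b' (same vnode).
 * relink == 0: thread 2 creates a new, different file 'a'.
 * Returns funlink_emul()'s result, or -2 if the setup itself failed. */
int replay(int relink)
{
    char dir[] = "/tmp/funlink.XXXXXX";
    int fd = -1, rc = -2;
    if (mkdtemp(dir) == NULL || chdir(dir) == -1)
        return -2;
    if (touch("a") == 0 && link("a", "b") == 0          /* thread 1 */
        && (fd = open("a", O_RDONLY)) != -1
        && unlink("a") == 0                             /* thread 2 */
        && (relink ? link("b", "a") : touch("a")) == 0)
        rc = funlink_emul(fd, "a");                     /* thread 1 */
    if (fd != -1) close(fd);
    unlink("a"); unlink("b");                           /* clean up */
    if (chdir("/") == 0) rmdir(dir);
    return rc;
}
```

replay(1) succeeds because the re-created 'a' is a hard link to the vnode fd still refers to; replay(0) is refused because the new 'a' is a different vnode.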
