Matthew Kirkwood wrote:
> Presumably this is so that the floppy driver can check that nobody
> expects to read or write the disk while a format is in progress?
> If so, I accept the need for O_NONE.

No, it's so fdformat can open /dev/fd0 before fd0 knows what floppy
format to use, and so it doesn't try to autosense the format.  But I'm
not sure fdformat actually does this -- it was mentioned by someone
during the O_NONE thread, that is all I know.

> > The only difference is the current ioctl behaviour for O_NONE, and the
> > fact that you can actually open an O_DEFEROPEN fd later.
> 
> But those features of O_DEFEROPEN are the only useful ones.  Other
> than possibly in the future being able to say "give me a no-priv
> fd to this object if I can read _or_ write it" I think that O_NONE
> is useless for race-avoidance purposes.

Correct.  The ioctl difference is potentially useful for chattr though.

> Basically, I want it for things like tar.  Currently, for files GNU
> tar does:
> 
> lstat("./defines.h", {st_mode=S_IFREG|0664, st_size=318, ...}) = 0
> open("./defines.h", O_RDONLY|O_LARGEFILE) = 6
> read(6, "#define UTIL_LINUX_VERSION \"2.10"..., 318) = 318
> fstat(6, {st_mode=S_IFREG|0664, st_size=318, ...}) = 0
> close(6)                                = 0
> 
> which is fairly easily raceable if you make your directories big
> enough.  Make a link at the right time, and tar may well have
> backed up /etc/shadow but thought that it was a file that you
> owned.
> 
> This:
> 
> open(path, O_RDONLY|O_DEFEROPEN)      = 6
> fstat(6, ...)                         = 0
> fcntl(6, F_REALLYOPEN)                        = 0
> read(6, ..., N)                               = M
> close(6)                              = 0
> 
> is safe (though we do need O_SYMLINK to complete the picture).

Use O_NOFOLLOW.  (How do you intend to use O_SYMLINK?)

> > Your O_DEFEROPEN actually seems like the right thing in many cases,
> > like when you want to open a device file prior to fstat(), and you
> > don't really want to open the device.
> 
> Yep.  I just don't understand your desire to combine the two.

They're so similar -- do we really need two very similar different
things?  If so, let's isolate the orthogonal differences and make them
work in all reasonable circumstances.  Hence F_REOPEN.

-- Jamie
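
The open-then-fstat ordering discussed above, as an added example that is not part of the original message: it uses only open() with O_NOFOLLOW and fstat(), not the proposed O_DEFEROPEN or F_REALLYOPEN. The helper name open_checked and its owner check are assumptions made for illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical helper: open path for an archiver, then check the object that
 * was actually opened. Returns an fd, or -1 with errno set. */
int open_checked(const char *path, uid_t want_owner)
{
    struct stat st;
    /* O_NOFOLLOW: fail with ELOOP if the final path component is a symlink
     * (earlier components are still followed).
     * O_NONBLOCK: do not hang if the name now refers to a FIFO or device.
     * The open itself still happens before the check, which is the gap the
     * deferred-open proposal in the thread is about. */
    int fd = open(path, O_RDONLY | O_NOFOLLOW | O_NONBLOCK);
    if (fd < 0)
        return -1;

    /* fstat() describes the inode behind fd, not whatever the name refers
     * to now, so a later rename or link cannot change the answer. */
    if (fstat(fd, &st) < 0) {
        int e = errno; close(fd); errno = e; return -1;
    }
    /* A hard link to someone else's file shows that file's owner here. */
    if (!S_ISREG(st.st_mode) || st.st_uid != want_owner) {
        close(fd);
        errno = EPERM;
        return -1;
    }
    return fd;
}

int main(int argc, char **argv)
{
    if (argc != 2) { fprintf(stderr, "usage: %s FILE\n", argv[0]); return 2; }
    int fd = open_checked(argv[1], getuid());
    if (fd < 0) { perror(argv[1]); return 1; }
    char buf[4096];
    ssize_t n;
    while ((n = read(fd, buf, sizeof buf)) > 0)
        fwrite(buf, 1, (size_t)n, stdout);
    close(fd);
    return n < 0;
}
```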
