Please do not reply to this email- if you want to comment on the bug, go to the URL shown below and enter your comments there.
Changed by [EMAIL PROTECTED] http://bugzilla.ximian.com/show_bug.cgi?id=77340 --- shadow/77340 2006-11-16 10:42:42.000000000 -0500 +++ shadow/77340.tmp.17662 2006-12-14 12:36:19.000000000 -0500 @@ -116,6 +116,31 @@ non-root is still permitted to create such a link, and I can't imagine that O_NOFOLLOW can prevent opening such a file. Go ahead and try your solution out using "Steps to reproduce the problem" (with and without -s). They're 100% reproducible, so you will know instantly what works and what does not. + +------- Additional Comments From [EMAIL PROTECTED] 2006-12-14 12:36 ------- +I took a closer look at Miguel's O_EXCL solution. I was sort of +misleaded before, but O_EXCL in conjunction with O_CREAT actually does +seem to prevent link attacks. + +However, using O_CREAT|O_EXCL triggers another issue. A stale lock +file prevents starting the service -- always fails. Earlier, the open +would have succeeded and (as long as the file isn't opened by another +service instance, as determined with lockf) the service would start +successfully (and unlink the pid file on termination). + +Steps to reproduce #1: +1. touch $F +2. mono-service -l:$F foo.exe + +Steps to reproduce #2: +1. mono-service foo.exe +2. kill -9 <pid of foo> +3. mono-service foo.exe + +Expected results: find out that the service isn't actually running +(although pid file exists) and start successfully + +Actual results: "mono: foo.exe: Log file already exists" _______________________________________________ mono-bugs maillist - [email protected] http://lists.ximian.com/mailman/listinfo/mono-bugs
