On Mon, Jan 07 2019 15:48:25 -0500, Ted Unangst wrote:
> Lauri Tirkkonen wrote:
> > Hi, it seems install(1) has a race condition: in create_newfile, it
> > first unlinks the target file and then tries to open it with
> > O_CREAT|O_EXCL.
>
> > The below diff essentially removes the -S option and makes install
> > always use temp files (ie. -S is always on), eliminating the race since
> > rename(2) cannot fail like this.
>
> I don't know. Presumably if there weren't any downside to safecopy, it would
> already have been made the default.

I had this thought, but could not think of any real downsides...

> This doubles the number of synchronous
> file operations.

Does it? Without safecopy, the operations performed are:

    unlink(targetfile);
    open(targetfile, O_CREAT|O_EXCL);
    write();
    fchmod();
    close();

with safecopy, they are:

    open(tempfile, O_CREAT|O_EXCL);
    write();
    fchmod();
    close();
    rename(tempfile, targetfile);

which to me seems identical in the number of file syscalls made.

-- 
Lauri Tirkkonen | lotheac @ IRCnet
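
The two syscall sequences compared in the message above, as an added example that is not part of the original message and is not install(1)'s own code. The function names, the rival_creates() helper (a stand-in for a second process creating the target between the two steps) and the sample path are hypothetical.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Stand-in for a second process creating the target at the worst moment. */
static void rival_creates(const char *path) {
    int fd = open(path, O_WRONLY | O_CREAT, 0600);
    if (fd >= 0) close(fd);
}

static int write_close(int fd, const char *data, mode_t mode) {
    size_t len = strlen(data);
    int ok = write(fd, data, len) == (ssize_t)len && fchmod(fd, mode) == 0;
    return (close(fd) == 0 && ok) ? 0 : -1;
}

/* Without safecopy: unlink, then open with O_CREAT|O_EXCL. */
int install_unlink_excl(const char *target, const char *data, int rival) {
    if (unlink(target) == -1 && errno != ENOENT) return -1;
    if (rival) rival_creates(target);            /* the race window */
    int fd = open(target, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd == -1) return -1;                     /* EEXIST if the rival won */
    return write_close(fd, data, 0644);
}

/* With safecopy: write a temp file in the same directory, then rename(2). */
int install_safecopy(const char *target, const char *data, int rival) {
    char tmp[1024];
    if (snprintf(tmp, sizeof tmp, "%s.XXXXXX", target) >= (int)sizeof tmp) return -1;
    int fd = mkstemp(tmp);                       /* O_CREAT|O_EXCL on a unique name */
    if (fd == -1) return -1;
    if (write_close(fd, data, 0644) == -1) { unlink(tmp); return -1; }
    if (rival) rival_creates(target);            /* same interference, now harmless */
    if (rename(tmp, target) == -1) { unlink(tmp); return -1; }
    return 0;
}

int main(void) {
    const char *t = "/tmp/install_race_demo.out"; /* constructed sample path */
    int r1 = install_unlink_excl(t, "new\n", 1);
    printf("unlink+O_EXCL with rival: %d (%s)\n", r1, r1 ? strerror(errno) : "ok");
    printf("safecopy with rival:      %d\n", install_safecopy(t, "new\n", 1));
    unlink(t);
    return 0;
}
```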