| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sun, 9 May 2010 22:56:12 -0400 From: tytso@....edu To: bugzilla-daemon@...zilla.kernel.org Cc: linux-ext4@...r.kernel.org Subject: Re: [Bug 15910] zero-length files and performance degradation > The problem is, dpkg needs to guarantee the system is always usable, > and when a crash occurs, say when it's unpacking libc, it's not > acceptable for dpkg not to fsync() before rename() as it might end > up with an empty libc.so file, even if it might have marked the > package as correctly unpacked (wrongly but unknowingly as there's no > guarantees), which is not true until the changes have been fully > committed to the file system. Why not unpack all of the files as "foo.XXXXXX" (where XXXXXX is a mkstemp filename template) do a sync call (which in Linux is synchronous and won't return until all the files have been written), and only then, rename the files? That's going to be the most fastest and most efficient way to guarantee safety under Linux; the downside is that you need to have enough free space to store the old and the new files in the package simultaneously. But this also is a win, because it means you don't actually start overwriting files in a package until you know that the package installation is most likely going to succeed. (Well, it could fail in the postinstall script, but at least you don't have to worry about disk full errors.) - Ted -- To unsubscribe from this list: send the line "unsubscribe linux-ext4" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists