lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Tue, 14 Jan 2020 18:06:10 +0000 From: David Howells <dhowells@...hat.com> To: Al Viro <viro@...iv.linux.org.uk> Cc: dhowells@...hat.com, linux-fsdevel@...r.kernel.org, hch@....de, tytso@....edu, adilger.kernel@...ger.ca, darrick.wong@...cle.com, clm@...com, josef@...icpanda.com, dsterba@...e.com, linux-ext4@...r.kernel.org, linux-xfs@...r.kernel.org, linux-btrfs@...r.kernel.org, linux-kernel@...r.kernel.org Subject: Re: Making linkat() able to overwrite the target Al Viro <viro@...iv.linux.org.uk> wrote: > > Would it be possible to make linkat() take a flag, say AT_LINK_REPLACE, > > that causes the target to be replaced and not give EEXIST? Or make it so > > that rename() can take a tmpfile as the source and replace the target with > > that. I presume that, either way, this would require journal changes on > > ext4, xfs and btrfs. > > Umm... I don't like the idea of linkat() doing that - you suddenly get new > fun cases to think about (what should happen when the target is a mountpoint, > for starters? Don't allow it onto directories, S_AUTOMOUNT-marked inodes or anything that's got something mounted on it. > ) _and_ you would have to add a magical flag to vfs_link() so > that it would know which tests to do. Yes, I suggested AT_LINK_REPLACE as said magical flag. > As for rename... Yeah - with further thought, rename() doesn't really work as an interface, particularly if a link has already been made. Do you have an alternative suggestion? There are two things I want to avoid: (1) Doing unlink-link or unlink-create as that leaves a window where the cache file is absent. (2) Creating replacement files in a temporary directory and renaming from there over the top of the target file as the temp dir would then be a bottleneck that spends a lot of time locked for creations and renames. David
Powered by blists - more mailing lists