Date:   Tue, 14 Jan 2020 18:06:10 +0000
From:   David Howells <dhowells@...hat.com>
To:     Al Viro <viro@...iv.linux.org.uk>
Cc:     dhowells@...hat.com, linux-fsdevel@...r.kernel.org, hch@....de,
        tytso@....edu, adilger.kernel@...ger.ca, darrick.wong@...cle.com,
        clm@...com, josef@...icpanda.com, dsterba@...e.com,
        linux-ext4@...r.kernel.org, linux-xfs@...r.kernel.org,
        linux-btrfs@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: Making linkat() able to overwrite the target

Al Viro <viro@...iv.linux.org.uk> wrote:

> > Would it be possible to make linkat() take a flag, say AT_LINK_REPLACE,
> > that causes the target to be replaced and not give EEXIST?  Or make it so
> > that rename() can take a tmpfile as the source and replace the target with
> > that.  I presume that, either way, this would require journal changes on
> > ext4, xfs and btrfs.
>
> Umm...  I don't like the idea of linkat() doing that - you suddenly get new
> fun cases to think about (what should happen when the target is a mountpoint,
> for starters?

Don't allow it onto directories, S_AUTOMOUNT-marked inodes or anything that's
got something mounted on it.

> ) _and_ you would have to add a magical flag to vfs_link() so
> that it would know which tests to do.

Yes, I suggested AT_LINK_REPLACE as said magical flag.

> As for rename...

Yeah - with further thought, rename() doesn't really work as an interface,
particularly if a link has already been made.

Do you have an alternative suggestion?  There are two things I want to avoid:

 (1) Doing unlink-link or unlink-create as that leaves a window where the
     cache file is absent.

 (2) Creating replacement files in a temporary directory and renaming from
     there over the top of the target file as the temp dir would then be a
     bottleneck that spends a lot of time locked for creations and renames.

David
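
Added example, not part of the thread or of any kernel patch: it shows the behaviour under discussion, where linkat() onto an existing name fails with EEXIST, next to the replacement available without a new flag, a temporary name in the target's own directory followed by rename(), which never leaves the window described in (1). The helper name replace_atomically and the sample file name are hypothetical.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Hypothetical helper: publish `data` under `target` without the name ever
 * being absent. *link_errno gets the errno of the plain linkat() attempt
 * (0 if it succeeded). Returns 0 on success, -1 on failure. */
int replace_atomically(const char *target, const char *data, int *link_errno)
{
    char tmp[4096];
    size_t len = strlen(data);
    int n = snprintf(tmp, sizeof tmp, "%s.XXXXXX", target);
    if (n < 0 || (size_t)n >= sizeof tmp) { errno = ENAMETOOLONG; return -1; }

    int fd = mkstemp(tmp);      /* temp name beside the target: same filesystem */
    if (fd < 0) return -1;
    if (write(fd, data, len) != (ssize_t)len || fsync(fd) != 0) goto fail;

    /* linkat() never overwrites: an existing target gives EEXIST. */
    *link_errno = linkat(AT_FDCWD, tmp, AT_FDCWD, target, 0) == 0 ? 0 : errno;
    if (*link_errno == 0) { unlink(tmp); close(fd); return 0; }
    if (*link_errno != EEXIST) goto fail;

    /* rename() replaces the directory entry in one step. */
    if (rename(tmp, target) != 0) goto fail;
    close(fd);
    return 0;
fail:
    { int e = errno; close(fd); unlink(tmp); errno = e; }
    return -1;
}

int main(void)
{
    int le = 0;
    const char *path = "cache-object.demo";   /* constructed sample name */
    if (replace_atomically(path, "v1\n", &le) != 0) { perror("first"); return 1; }
    printf("first publish:  linkat errno = %d\n", le);
    if (replace_atomically(path, "v2\n", &le) != 0) { perror("replace"); return 1; }
    printf("second publish: linkat errno = %d (EEXIST = %d)\n", le, EEXIST);
    return unlink(path) != 0;
}
```

Each replacement here costs one extra create and one rename in the target's directory.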
