| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <4EAAD123.6020208@redhat.com>
Date: Fri, 28 Oct 2011 09:58:27 -0600
From: Eric Blake <eblake@...hat.com>
To: unlisted-recipients:; (no To-header on input)
CC: Pádraig Brady <P@...igBrady.com>,
Denys Vlasenko <vda.linux@...glemail.com>,
Al Viro <viro@...iv.linux.org.uk>,
Coreutils <coreutils@....org>,
Christian Engelmayer <christian.engelmayer@...quentis.com>,
linux-kernel <linux-kernel@...r.kernel.org>
Subject: Re: rename("a", "b") would not always remove "a" on success. ?!!
On 10/28/2011 09:42 AM, Eric Blake wrote:
>> Perhaps it could be brought up as an issue with the standards guys?
>
> We already have. And POSIX 2008 already acted on that. While you quoted
> rename(2) (which was intentionally not changed), you forgot to also read
> the POSIX wording on mv(1):
>
> http://pubs.opengroup.org/onlinepubs/9699919799/utilities/mv.html
>
> 2. If the source_file operand and destination path name the same
> existing file, then the destination path shall not be removed, and one
> of the following shall occur:
>
> a. No change is made to source_file, no error occurs, and no diagnostic
> is issued.
> b. No change is made to source_file, a diagnostic is issued to standard
> error identifying the two names, and the exit status is affected.
> c. If the source_file operand and destination path name distinct
> directory entries, then the source_file operand is removed, no error
> occurs, and no diagnostic is issued.
Contrast this to the POSIX 2001 wording for mv:
http://pubs.opengroup.org/onlinepubs/009695399/utilities/mv.html
2. The mv utility shall perform actions equivalent to the rename()
function defined in the System Interfaces volume of IEEE Std 1003.1-2001,...
with no escape clause for identical files. That is, POSIX 2008
specifically inserted a new step 2 (renumbering the step 2 from POSIX
2001 to step 3 in POSIX 2008) at GNU Coreutils' insistence that the
requirements were wrong. See also
http://www.opengroup.org/austin/aardvark/latest/xcubug2.txt, and search
for AI-169, which was where the change in wording was made; including
this rationale:
Note that ERN 88 was rejected in spite of the fact that
http://www.opengroup.org/austin/mailarchives/austin-group-l/msg05155.html
claims the original intent was to have rename detect identical
directory entries rather than identical files. One of the arguments
presented for rejecting ERN 88 was that rename(2) has the property
of preserving link count, whereas having rename("a", "b") unlink
"a" when the two names are hard links would not.
Unfortunately, that link no longer works, so I can't point you to the
historical conversation at the time where it was argued that changing
rename(2) behavior would be detrimental. But it does give enough
context to provide an alternate interpretation of rename() semantics
that fit the standardized behavior: a successful rename("a","b")
guarantees that "b" now has the same link count as "a" had prior to the
rename call, even if that meant a hard-linked "a" had to be left
untouched to avoid changing the link count of hard-linked "b".
--
Eric Blake eblake@...hat.com +1-801-349-2682
Libvirt virtualization library http://libvirt.org
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists