lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20180409074241.2ibvhh3g5lzxnt4g@pali>
Date:   Mon, 9 Apr 2018 09:42:41 +0200
From:   Pali Rohár <pali.rohar@...il.com>
To:     linux-fsdevel@...r.kernel.org, linux-kernel@...r.kernel.org
Cc:     Alexander Viro <viro@...iv.linux.org.uk>, Jan Kara <jack@...e.cz>
Subject: Re: Race-free unlinking of directory entries

Hi! I would like to remind this my older email about race free
unlinking. Is there any plan to provide such support?

On Wednesday 20 December 2017 20:18:44 Pali Rohár wrote:
> Hi!
> 
> Linux kernel currently does not provide any race-free way for calling
> unlink() syscall on file entry which points to opened file descriptor.
> 
> On the other hand Linux kernel already provides race-free way for
> creating file entry by linkat() syscall with AT_EMPTY_PATH or
> AT_SYMLINK_FOLLOW flags. unlinkat() does not.
> 
> There was already discussion about unlink issue in bugzilla:
> https://bugzilla.kernel.org/show_bug.cgi?id=93441
> 
> Because file descriptor describes inode number which can be stored in
> more directories as hard links, there is a proposed funlinkat() syscall
> with following API:
> 
> int funlinkat(int fd, int dirfd, const char *pathname, int flags);
> 
> It should atomically check if file descriptor fd and pathname (according
> to dirfd) are same, and if then just unlinkat(dirfd, pathname, flags).
> If are not same, throw error.
> 
> What userspace application basically needs:
> 
> Open file, test it stat (or probably content) and based on test result
> decide if file needs to be removed or not.
> 
> Or delete a file behind a file descriptor opened with O_PATH.
> 
> Both cases are currently not possible without introducing race condition
> between open/stat and unlink. Between those two calls, some other
> process can exchange files.

-- 
Pali Rohár
pali.rohar@...il.com

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ