Richard M. Stallman wrote on 27 Jun 2005 07:38:04 +0200: > I think it may be too difficult to fix all the places > that do this, but would you like to try fixing one or two > as a first step?
In fact, doing the right thing is not so obvious as I thought. I've looked at various implementations of mv and cp (from GNU, OpenSolaris, OpenBSD and FreeBSD) and at the Single Unix Specification, and almost each one uses a subtly different way, and they all allow some kind of race-condition. Some (including GNU mv and GNU cp) do even use chown and chmod in the same unsafe way that we did previously, so I will report that to them. Now, as for as I can tell, there is no way to move a file asking the user what to do if needed and avoid every race-conditions in a Unix-like OS. I will try to come with a solution that avoids the worse problems. An other question is to decide what to do when the destination file exists: we can either overwrite it or remove it and create a new one. Those two ways will have different effects if the file we overwrite/remove has a link count > 1. Current emacs implementation use "overwrite mode" in copy and "remove mode" in rename if it is in the same filesystem, but cross-filesystem rename use the "overwrite mode". We should maybe do something more consistent. FWIW, the Single Unix specification asks that mv removes the file, and cp overwrites it (but some implementation don't follow strictly this rule). In the case of copy, I think we can do it without race-conditions using open in O_EXCL|O_CREAT mode, and if it fails, using unlink and trying again. That would mean to use the "remove mode". In fact the "overwrite mode" is unsafe as soon as someone can replace the file with a hardlink to something else. -- Gaëtan LEURENT _______________________________________________ Emacs-devel mailing list Emacs-devel@gnu.org http://lists.gnu.org/mailman/listinfo/emacs-devel
