Derek Martin wrote in <20180823050819.ga20...@bladeshadow.org>:
|On Wed, Aug 22, 2018 at 11:12:39AM -0700, Kevin J. McCarthy wrote:
|> On Wed, Aug 22, 2018 at 10:04:12AM -0500, Derek Martin wrote:
...
|> Steffen's cautions apply to dotlock code, which is a different case and
|> is not affected by this change.
|
|It's fundamentally the same thing though. The mechanism for dotlock
|works like this:
|
| - create a secure temporary file (with O_EXCL).
|   This ensures that the file we're opening for the lock has not been
|   subverted by another process, potentially an attacker.
| - stat the file

This does not happen for the traditional BSD code.

| - link the file to canonical name
|   If the link succeeds, we have the lock, but the rc from link is
|   unreliable, so...
| - stat the file again using the new link
|   Here, we compare the inode and/or make sure the link count has
|   increased, to ensure we're really dealing with the same file...

No, instead stat(2) is called on the temporary file, and if that has
a link count of 2 then we have won the race on the lock file.

| - write the PID to the lock file
| - unlink the temporary file
|
|Exact details may vary slightly, but that's the essence of it. This
|is almost exactly what _maildir_commit_message() (and safe_rename())
|does, for largely the same reasons, though the purpose of the file is
|different.

I do not know.

--steffen
|
|Der Kragenbaer,                The moon bear,
|der holt sich munter           he cheerfully and one by one
|einen nach dem anderen runter  wa.ks himself off
|(By Robert Gernhardt)
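
The link-count variant discussed in the message above (create with O_EXCL, link, then stat the temporary file and treat a link count of 2 as having won the lock), as an added C example that is not part of the thread and is not mutt's code. The names `dotlock_acquire` and `dotlock_release` and the `.tmp` naming scheme are hypothetical, and the stat step is done with fstat(2) on the open descriptor.

```c
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper, not mutt's code: try to take "<path>.lock".
 * Returns 0 if we now hold the lock, 1 if it is already held, -1 on error. */
int dotlock_acquire(const char *path)
{
    char lock[4096], tmp[4096], pid[32];
    struct stat st;
    int fd, n, rc, link_rc;

    n = snprintf(lock, sizeof lock, "%s.lock", path);
    if (n < 0 || (size_t)n >= sizeof lock)
        return -1;
    /* Temporary name beside the lock, so link(2) stays on one filesystem. */
    n = snprintf(tmp, sizeof tmp, "%s.%ld.tmp", lock, (long)getpid());
    if (n < 0 || (size_t)n >= sizeof tmp)
        return -1;
    /* O_EXCL: fail rather than open a file or symlink someone else planted. */
    fd = open(tmp, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd < 0)
        return -1;
    link_rc = link(tmp, lock);
    (void)link_rc;              /* not trusted; the link count decides */
    if (fstat(fd, &st) != 0) {
        rc = -1;
    } else if (st.st_nlink != 2) {
        rc = 1;                 /* our link() did not create the lock name */
    } else {
        n = snprintf(pid, sizeof pid, "%ld\n", (long)getpid());
        rc = (write(fd, pid, (size_t)n) == (ssize_t)n) ? 0 : -1;
        if (rc != 0)
            unlink(lock);       /* do not leave a lock without a PID */
    }
    close(fd);
    unlink(tmp);                /* the lock name keeps the inode alive */
    return rc;
}

/* Release by removing the canonical lock name. */
int dotlock_release(const char *path)
{
    char lock[4096];
    int n = snprintf(lock, sizeof lock, "%s.lock", path);
    if (n < 0 || (size_t)n >= sizeof lock)
        return -1;
    return unlink(lock);
}
```

A second `dotlock_acquire` on the same path returns 1 while the lock file exists, because the failed link leaves the temporary file with a link count of 1.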