2010/3/12 Mike Gerdts <mgerdts at gmail.com>:
> 2010/3/12 ????? ???????????? <olga.kryzhanovska at gmail.com>:
>> This one, right?
>> -i[SUFFIX], --in-place[=SUFFIX]
>> edit files in place (makes backup if extension supplied)
>>
>> -i copies the content to a temporary backup file, truncates the
>> original (keeping permissions, ACL flags etc) and starts processing
>> from backup to original file, right?
>
> This algorithm can introduce race conditions which could result in
> security problems and in disk full conditions can result in a
> partially written file.
Where do you see the race?
> A better approach would be the equivalent of:
>
> 1. ln $file $file.$suffix
> 2. newfile=$(mktemp $(dirname $file)/$(basename $file).XXXXXX
> 3. chown $user:$group $newfile
> 4. chmod $perms $newfile ; # plus more magic to do extended attributes
> 5. sed $sedprog $file > $newfile
> 6. rename $newfile $file
>
> Important points of the above are:
>
> 1. Takes no space (aside from a directory entry), preserves permissions
> 2. Secure creation of a temporary file in the same directory as the
> file to ensure that rename(2) works. If a symlink is involved, this
> should be done in the directory where the file really exists.
> 3 - 4. Sets the permissions properly. Use the same code or algorithm
> that cp -p@ uses.
This is a hard part which I like to avoid.
1. There is no libc function which does copy all ACL data the way cp
-p@ does. We have to copy much of cp's code.
2. It is not possible to set owner/group or all ACLs if we are not in
the same user/group, yet the original file may be writable for me but
not owned by me. Truncating the file avoids the requirement to copy
the ACL or owner/group totally.
Olga
--
, _ _ ,
{ \/`o;====- Olga Kryzhanovska -====;o`\/ }
.----'-/`-/ olga.kryzhanovska at gmail.com \-`\-'----.
`'-..-| / Solaris/BSD//C/C++ programmer \ |-..-'`
/\/\ /\/\
`--` `--`
