2010/3/12 Mike Gerdts <mgerdts at gmail.com>:
> 2010/3/12 Olga Kryzhanovska <olga.kryzhanovska at gmail.com>:
>> This one, right?
>>
>>   -i[SUFFIX], --in-place[=SUFFIX]
>>     edit files in place (makes backup if extension supplied)
>>
>> -i copies the content to a temporary backup file, truncates the
>> original (keeping permissions, ACL flags etc) and starts processing
>> from backup to original file, right?
>
> This algorithm can introduce race conditions which could result in
> security problems and in disk full conditions can result in a
> partially written file.

Where do you see the race?

> A better approach would be the equivalent of:
>
> 1. ln $file $file.$suffix
> 2. newfile=$(mktemp $(dirname $file)/$(basename $file).XXXXXX)
> 3. chown $user:$group $newfile
> 4. chmod $perms $newfile ; # plus more magic to do extended attributes
> 5. sed $sedprog $file > $newfile
> 6. rename $newfile $file
>
> Important points of the above are:
>
> 1. Takes no space (aside from a directory entry), preserves permissions
> 2. Secure creation of a temporary file in the same directory as the
> file to ensure that rename(2) works. If a symlink is involved, this
> should be done in the directory where the file really exists.
> 3 - 4. Sets the permissions properly. Use the same code or algorithm
> that cp -p@ uses.

This is a hard part which I like to avoid.

1. There is no libc function which does copy all ACL data the way
cp -p@ does. We have to copy much of cp's code.

2. It is not possible to set owner/group or all ACLs if we are not in
the same user/group, yet the original file may be writable for me but
not owned by me.

Truncating the file avoids the requirement to copy the ACL or
owner/group totally.

Olga

--
      ,   _ _ ,
    { \/`o;====-    Olga Kryzhanovska   -====;o`\/ }
.----'-/`-/     olga.kryzhanovska at gmail.com   \-`\-'----.
 `'-..-| /       Solaris/BSD//C/C++ programmer   \ |-..-'`
      /\/\                                     /\/\
      `--`                                      `--`
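The six-step scheme quoted in Mike's message, carried out with the equivalent system calls (link, mkstemp in the real file's directory, fchown/fchmod, write, fsync, rename), as an added Python example that is not code from this thread or from any sed implementation. `inplace_edit`, `transform`, `demo` and the `.bak` suffix are assumed names; like the sketch it copies only owner/group and mode bits, not ACLs or extended attributes, so on a file that is writable but not owned by the caller (Olga's point 2) the fchown fails and the edit aborts with the original untouched.

```python
import os, re, shutil, stat, tempfile


def inplace_edit(path, transform, suffix=".bak"):
    """Rewrite path through transform(str)->str; the original is never truncated."""
    real = os.path.realpath(path)            # symlink: work where the file really is
    st = os.stat(real)
    backup = real + suffix
    os.link(real, backup)                    # step 1: backup costs one directory entry
    fd, tmp = tempfile.mkstemp(prefix=os.path.basename(real) + ".", dir=os.path.dirname(real))
    try:                                     # step 2: unpredictable name, same directory
        with os.fdopen(fd, "w") as out:
            # steps 3-4: owner/group and mode bits only (no ACLs or xattrs); on a file
            # that is writable but not owned by us fchown fails and the edit is aborted
            os.chown(out.fileno(), st.st_uid, st.st_gid)
            os.chmod(out.fileno(), stat.S_IMODE(st.st_mode))
            with open(real) as src:          # step 5
                out.write(transform(src.read()))
            out.flush()
            os.fsync(out.fileno())           # disk full surfaces here, before rename
        os.rename(tmp, real)                 # step 6: atomic replace
    except BaseException:
        for leftover in (tmp, backup):       # nothing was renamed: original is intact
            if os.path.exists(leftover):
                os.unlink(leftover)
        raise
    return backup


def demo():
    """Constructed sample run in a scratch directory; returns what a test inspects."""
    d = tempfile.mkdtemp()
    f = os.path.join(d, "hosts.conf")
    with open(f, "w") as fh:
        fh.write("server=old.example\nport=22\n")
    os.chmod(f, 0o640)
    before = os.stat(f)
    bak = inplace_edit(f, lambda s: re.sub(r"^server=.*$", "server=new.example", s, flags=re.M))
    after = os.stat(f)
    try:
        inplace_edit(f, lambda s: 1 / 0, suffix=".failed")  # transform blows up mid-edit
    except ZeroDivisionError:
        pass
    out = {"new": open(f).read(), "backup": open(bak).read(),
           "mode_kept": stat.S_IMODE(after.st_mode) == 0o640,
           "same_inode": after.st_ino == before.st_ino,   # False: rename swapped inodes
           "leftovers": sorted(os.listdir(d))}
    shutil.rmtree(d)
    return out
```

The `same_inode` result is the trade-off Olga describes: the truncate-and-rewrite approach keeps the original inode (and with it the ACLs and ownership), while the link-and-rename approach leaves the old inode behind as the backup.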