Excerpts from Julien Danjou's message of 2013-12-05 01:22:00 -0800:
> On Wed, Dec 04 2013, Sean Dague wrote:
> 
> > Honestly, I'd love us to be clever and figure out a not dangerous way
> > through this, even if unwise (where we can yell at the user in the LOGs
> > loudly, and fail them in J if lock_dir=/tmp) that lets us progress
> > through this while gracefully bringing configs into line.
> 
> Correct me if I'm wrong, but I think the correct way to deal with that
> security problem is to use an atomic operation using open(2) with:
>   open(pathname, O_CREAT | O_EXCL)
> 

DoS by a malicious user creating it first is still trivial.

> or mkstemp(3).
> 

Can't use mkstemp as the point is this needs to be something shared
between processes.

_______________________________________________
OpenStack-dev mailing list
OpenStack-dev@lists.openstack.org
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
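
An added illustration of the points raised in this thread, not code from any poster or from OpenStack: O_CREAT | O_EXCL is atomic but fails for whoever arrives second, while a fixed name shared between processes is only safe in a lock_dir that other users cannot write to. The function names are hypothetical and the directory is a constructed sample.

```python
import os
import stat
import tempfile

# All names below are hypothetical helpers written for this example.


def lock_dir_is_safe(path):
    """True only for a real directory we own that no other user can write to."""
    st = os.lstat(path)  # lstat: a symlink pointing at a directory does not count
    if not stat.S_ISDIR(st.st_mode) or st.st_uid != os.geteuid():
        return False
    return not st.st_mode & (stat.S_IWGRP | stat.S_IWOTH)


def exclusive_create(path):
    """open(2) with O_CREAT | O_EXCL: atomic, but loses to whoever got there first."""
    try:
        fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    except FileExistsError:
        return False
    os.close(fd)
    return True


def open_shared_lock(lock_dir, name):
    """Open a lock file by a fixed, shared name, refusing an unsafe lock_dir."""
    if not lock_dir_is_safe(lock_dir):
        raise RuntimeError("refusing lock_dir %r: not a private directory" % lock_dir)
    flags = os.O_RDWR | os.O_CREAT | os.O_NOFOLLOW  # never follow a planted symlink
    return os.open(os.path.join(lock_dir, name), flags, 0o600)


if __name__ == "__main__":
    private = tempfile.mkdtemp()  # constructed sample: mode 0700, owned by us
    path = os.path.join(private, "demo.lock")
    print("first O_EXCL create:", exclusive_create(path))
    print("second O_EXCL create:", exclusive_create(path))  # name already taken
    os.close(open_shared_lock(private, "demo.lock"))  # shared name still opens
    os.chmod(private, 0o1777)  # same permissions as /tmp
    print("safe after chmod 1777:", lock_dir_is_safe(private))
```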