Lauri Tirkkonen wrote:
> On Mon, Jan 07 2019 15:48:25 -0500, Ted Unangst wrote:
> > Lauri Tirkkonen wrote:
> > > Hi, it seems install(1) has a race condition: in create_newfile, it
> > > first unlinks the target file and then tries to open it with
> > > O_CREAT|O_EXCL.
> > >
> > > The below diff essentially removes the -S option and makes install
> > > always use temp files (ie. -S is always on), eliminating the race since
> > > rename(2) cannot fail like this.
> >
> > I don't know. Presumably if there weren't any downside to safecopy, it would
> > already have been made the default.
>
> I had this thought, but could not think of any real downsides...
>
> > This doubles the number of synchronous
> > file operations.
>
> Does it? Without safecopy, the operations performed are:
>
> unlink(targetfile);
> open(targetfile, O_CREAT|O_EXCL);
> write();
> fchmod();
> close();
>
> with safecopy, they are:
>
> open(tempfile, O_CREAT|O_EXCL);
> write();
> fchmod();
> close();
> rename(tempfile, targetfile);
>
> which to me seems identical in the number of file syscalls made.
oh, I think I forgot to count the unlink(). rename() within a directory is about the same cost as unlink(), so the two cases do seem equal.