GNU bug report logs - #11100
Racy code in copy.c

Previous Next

Package: coreutils;

Reported by: Philipp Thomas <pth <at> suse.de>

Date: Tue, 27 Mar 2012 13:32:02 UTC

Severity: normal

Merged with 11074

Done: Jim Meyering <jim <at> meyering.net>

Bug is archived. No further changes may be made.

Full log

View this message in rfc822 format

From: help-debbugs <at> gnu.org (GNU bug Tracking System)
To: Jim Meyering <jim <at> meyering.net>
Cc: tracker <at> debbugs.gnu.org
Subject: bug#11100: closed (Racy code in copy.c)
Date: Mon, 07 May 2012 11:45:02 +0000

[Message part 1 (text/plain, inline)]
Your message dated Mon, 07 May 2012 13:41:57 +0200
with message-id <87y5p4dxq2.fsf <at> rho.meyering.net>
and subject line Re: bug#11100: Racy code in copy.c
has caused the debbugs.gnu.org bug report #11100,
regarding Racy code in copy.c
to be marked as done.

(If you believe you have received this mail in error, please contact
help-debbugs <at> gnu.org.)


-- 
11100: http://debbugs.gnu.org/cgi/bugreport.cgi?bug=11100
GNU Bug Tracking System
Contact help-debbugs <at> gnu.org with problems

[Message part 2 (message/rfc822, inline)]
From: Philipp Thomas <pth <at> suse.de>
To: bug-coreutils <at> gnu.org
Cc: Neil F Brown <nfbrown <at> suse.com>
Subject: Racy code in copy.c
Date: Tue, 27 Mar 2012 14:58:18 +0200

I'd like to pass on observations from my collegue Neil Brown:

in src/copy.c, copy_reg() is passed "bool *new_dst".

This is 'false' if the file already exists, in which case it attempts to
open the file with O_WRONLY | O_TRUNC | O_BINARY.
If it is 'true', only then does it use O_CREAT (and others).

Somewhere up the call chain - I'm not sure where - new_dst is set if 'stat'
on the file succeeds.  The above mentioned code assumes that the file still
exists.  This is racy - particularly for NFS where deletions from other
clients can take a while to appear.

Philipp



[Message part 3 (message/rfc822, inline)]
From: Jim Meyering <jim <at> meyering.net>
To: Philipp Thomas <pth <at> suse.de>
Cc: 11100-done <at> debbugs.gnu.org
Subject: Re: bug#11100: Racy code in copy.c
Date: Mon, 07 May 2012 13:41:57 +0200

Philipp Thomas wrote:
> * Jim Meyering (jim <at> meyering.net) [20120504 17:30]:
>
>> If there's a bugzilla reference for this, let me know
>> and I'll add it to the commit log.
>
> There is, but as it's a SLES bug it's only open for SUSE employees and
> customers and thus useless for a coreutils commit log. I'll instead
> reference the commit from said bug report.

Ok.  I've pushed that change.
This bug report was last modified 3 years and 185 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.