GNU bug report logs - #11100
Racy code in copy.c

Previous Next

Package: coreutils;

Reported by: Philipp Thomas <pth <at> suse.de>

Date: Tue, 27 Mar 2012 13:32:02 UTC

Severity: normal

Merged with 11074

Done: Jim Meyering <jim <at> meyering.net>

Bug is archived. No further changes may be made.

Full log

View this message in rfc822 format

From: help-debbugs <at> gnu.org (GNU bug Tracking System)
To: Philipp Thomas <pth <at> suse.de>
Subject: bug#11100: closed (Re: bug#11100: Racy code in copy.c)
Date: Mon, 07 May 2012 11:45:03 +0000

[Message part 1 (text/plain, inline)]
Your bug report

#11100: Racy code in copy.c

which was filed against the coreutils package, has been closed.

The explanation is attached below, along with your original report.
If you require more details, please reply to 11100 <at> debbugs.gnu.org.

-- 
11100: http://debbugs.gnu.org/cgi/bugreport.cgi?bug=11100
GNU Bug Tracking System
Contact help-debbugs <at> gnu.org with problems

[Message part 2 (message/rfc822, inline)]
From: Jim Meyering <jim <at> meyering.net>
To: Philipp Thomas <pth <at> suse.de>
Cc: 11100-done <at> debbugs.gnu.org
Subject: Re: bug#11100: Racy code in copy.c
Date: Mon, 07 May 2012 13:41:57 +0200

Philipp Thomas wrote:
> * Jim Meyering (jim <at> meyering.net) [20120504 17:30]:
>
>> If there's a bugzilla reference for this, let me know
>> and I'll add it to the commit log.
>
> There is, but as it's a SLES bug it's only open for SUSE employees and
> customers and thus useless for a coreutils commit log. I'll instead
> reference the commit from said bug report.

Ok.  I've pushed that change.


[Message part 3 (message/rfc822, inline)]
From: Philipp Thomas <pth <at> suse.de>
To: bug-coreutils <at> gnu.org
Cc: Neil F Brown <nfbrown <at> suse.com>
Subject: Racy code in copy.c
Date: Tue, 27 Mar 2012 14:58:18 +0200

I'd like to pass on observations from my collegue Neil Brown:

in src/copy.c, copy_reg() is passed "bool *new_dst".

This is 'false' if the file already exists, in which case it attempts to
open the file with O_WRONLY | O_TRUNC | O_BINARY.
If it is 'true', only then does it use O_CREAT (and others).

Somewhere up the call chain - I'm not sure where - new_dst is set if 'stat'
on the file succeeds.  The above mentioned code assumes that the file still
exists.  This is racy - particularly for NFS where deletions from other
clients can take a while to appear.

Philipp
This bug report was last modified 3 years and 184 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.