Re: Race-condition ?

[Gaëtan LEURENT]

Richard M. Stallman wrote on 27 Jun 2005 07:38:04 +0200:

> I think it may be too difficult to fix all the places
> that do this, but would you like to try fixing one or two
> as a first step?

In fact, doing the right thing is not so obvious as I thought. I've
looked at various implementations of mv and cp (from GNU, OpenSolaris,
OpenBSD and FreeBSD) and at the Single Unix Specification, and almost
each one uses a subtly different way, and they all allow some kind of
race-condition. Some (including GNU mv and GNU cp) do even use chown and
chmod in the same unsafe way that we did previously, so I will report
that to them.

Now, as for as I can tell, there is no way to move a file asking the
user what to do if needed and avoid every race-conditions in a Unix-like
OS. I will try to come with a solution that avoids the worse problems.

An other question is to decide what to do when the destination file
exists: we can either overwrite it or remove it and create a new
one. Those two ways will have different effects if the file we
overwrite/remove has a link count > 1. Current emacs implementation use
"overwrite mode" in copy and "remove mode" in rename if it is in the
same filesystem, but cross-filesystem rename use the "overwrite
mode". We should maybe do something more consistent. FWIW, the Single
Unix specification asks that mv removes the file, and cp overwrites it
(but some implementation don't follow strictly this rule).

In the case of copy, I think we can do it without race-conditions using
open in O_EXCL|O_CREAT mode, and if it fails, using unlink and trying
again. That would mean to use the "remove mode". In fact the "overwrite
mode" is unsafe as soon as someone can replace the file with a hardlink
to something else.

-- 
Gaëtan LEURENT