linux-kernel.vger.kernel.org archive mirror
From: David Lang <david.lang@digitalinsight.com>
To: "Jörn Engel" <joern@wohnheim.fh-wedel.de>
Cc: Nick Piggin <piggin@cyberone.com.au>,
	Robert White <rwhite@casabyte.com>,
	"'Jesse Pollard'" <jesse@cats-chateau.net>,
	"'Florian Weimer'" <fw@deneb.enyo.de>,
	Valdis.Kletnieks@vt.edu, "'Daniel Gryniewicz'" <dang@fprintf.net>,
	"'linux-kernel mailing list'" <linux-kernel@vger.kernel.org>
Subject: Re: OT: why no file copy() libc/syscall ??
Date: Thu, 27 Nov 2003 02:58:13 -0800 (PST)
Message-ID: <Pine.LNX.4.58.0311270253130.6400@dlang.diginsite.com>
In-Reply-To: <20031127100217.GA9199@wohnheim.fh-wedel.de>

On Thu, 27 Nov 2003, Jörn Engel wrote:

> On Thu, 27 November 2003 01:50:46 -0800, David Lang wrote:
> > >
> > > I don't think it should do any linking / unlinking it should just work
> > > with file descriptors. Concurrent writes to a file don't have many
> > > guarantees. sys_copy shouldn't have to be any stronger (read weaker).
> >
> > I'm thinking that it may actually be easier to do this via file paths
> > instead of file descriptors. with file paths something like COW or
> > zero-copy copy can be done trivially (and the kernel knows the user
> > credentials of the program issuing the command and can pass them on to the
> > filesystem to see if it's allowed). I don't see how this can be done with
> > file descriptors (if all you have is a file descriptor you can truncate
> > and write a file, but you don't know all the links to that file so you
> > can't reposition that first inode for example).
>
> And how is userspace supposed to protect itself from race conditions?
> Just compare:
>
> fd1 = open(path1);
> if (stat(fd1) looks fishy)
> 	abort();
> fd2 = open(path2);
> if (stat(fd2) looks fishy)
> 	abort();
> copy(fd1, fd2);
>
> and:
>
> fd1 = open(path1);
> if (stat(fd1) looks fishy)
> 	abort();
> fd2 = open(path2);
> if (stat(fd2) looks fishy)
> 	abort();
> copy(path1, path2);
>
> Jörn
>

Ok, good point. My first reaction is to make copy refuse to function
unless the target doesn't exist (protect the output), but that doesn't
solve the problem of protecting the input or preventing someone else from
tampering with the output (unless you have copy return the FD to use to
access the output).

Actually thinking about it a bit more, did I make a stupid mistake and
think that the FD points at the beginning of the file when it really
points at the inode? If it points at the inode then the problems I was
referring to don't exist.

David Lang
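
The difference between the two quoted sequences, as an added example that is not code from this thread: a descriptor keeps naming the file that was checked, while a path is resolved again at every use. The function and file names and the /tmp scratch directory are assumptions, and rename() stands in for a concurrent process re-pointing the path.

```c
#define _POSIX_C_SOURCE 200809L  /* for mkdtemp() */
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Write `text` to a new file at `path`; returns 0 on success. */
static int put_file(const char *path, const char *text) {
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd < 0) return -1;
    ssize_t n = write(fd, text, strlen(text));
    return (close(fd) == 0 && n == (ssize_t)strlen(text)) ? 0 : -1;
}

static void read_text(int fd, char *buf, size_t len) { /* one read, NUL-terminated */
    ssize_t n = read(fd, buf, len - 1);
    buf[n > 0 ? n : 0] = '\0';
}

/* Vet a file through an fd, swap the path underneath it, read both ways.
 * Returns 1 if the fd still names the vetted inode and the path does not,
 * 0 if they agree, -1 on setup failure. */
int fd_survives_path_swap(char *via_fd, char *via_path, size_t len) {
    char dir[] = "/tmp/copyraceXXXXXX", src[64], decoy[64];
    struct stat vetted, now_fd, now_path;
    if (!mkdtemp(dir)) return -1;
    snprintf(src, sizeof src, "%s/src", dir);
    snprintf(decoy, sizeof decoy, "%s/decoy", dir);
    if (put_file(src, "vetted") || put_file(decoy, "swapped")) return -1;
    int fd1 = open(src, O_RDONLY);                    /* fd1 = open(path1) */
    if (fd1 < 0 || fstat(fd1, &vetted)) return -1;    /* the "looks fishy" check */
    if (rename(decoy, src)) return -1;                /* path now names another inode */
    int fd2 = open(src, O_RDONLY);                    /* what copy(path1, ...) would resolve */
    if (fd2 < 0 || fstat(fd1, &now_fd) || fstat(fd2, &now_path)) return -1;
    read_text(fd1, via_fd, len);                      /* data behind the vetted fd */
    read_text(fd2, via_path, len);                    /* data behind the re-resolved path */
    close(fd1); close(fd2);
    unlink(src); rmdir(dir);
    return now_fd.st_ino == vetted.st_ino && now_path.st_ino != vetted.st_ino;
}

int main(void) {
    char a[16] = "", b[16] = "";
    int r = fd_survives_path_swap(a, b, sizeof a);
    printf("result=%d fd reads \"%s\", path reads \"%s\"\n", r, a, b);
    return r == 1 ? 0 : 1;
}
```
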
