List: busybox
Subject: Re: [PATCH v2] seedrng: limit poolsize to 256 bytes and document flock() and fsync() usage
From: Denys Vlasenko <vda.linux () googlemail ! com>
Date: 2022-04-30 21:54:21
Message-ID: CAK1hOcPxVqw4SAVdhO0N=rZe0=jrpeyE9aqAiZS64MNWO35Oow () mail ! gmail ! com
On Sat, Apr 30, 2022 at 3:48 PM Jason A. Donenfeld <Jason@zx2c4.com> wrote:
> On Sat, Apr 30, 2022 at 3:12 PM Denys Vlasenko <vda.linux@googlemail.com> wrote:
> > > @@ -190,6 +192,8 @@ int seedrng_main(int argc UNUSED_PARAM, char *argv[])
> > > if (mkdir(seed_dir, 0700) < 0 && errno != EEXIST)
> > > bb_perror_msg_and_die("can't %s seed directory", "create");
> > > dfd = open(seed_dir, O_DIRECTORY | O_RDONLY);
> > > + /* The flock() here is absolutely necessary, as the consistency of this
> > > + * program breaks down with concurrent uses. */
> > > if (dfd < 0 || flock(dfd, LOCK_EX) < 0)
> > > bb_perror_msg_and_die("can't %s seed directory", "lock");
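Review bot: the combined check `if (dfd < 0 || flock(dfd, LOCK_EX) < 0)` reports "can't lock seed directory" when the preceding open() of the directory is what failed, so the errno text points at the wrong call; giving the open() failure its own `bb_perror_msg_and_die("can't %s seed directory", "open")` before the flock() keeps the message accurate. The new comment would also be more useful if it stated that flock() is advisory, so the consistency it promises holds only among processes that take the same lock on the seed directory, which is exactly the guarantee the comment is documenting.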
> >
> > The locking is notoriously not reliable across networked filesystems,
> > and people often find more reliable ways to ensure safety wrt concurrency.
> >
> > E.g. renaming the file before use (rename is atomic even on NFS).
> >
> > Or, for example, what if we open /var/lib/seedrng/seed.credit,
> > then try to unlink it. If unlink fails with ENOENT, this means we have
> > a concurrent user. Thus, we bail out with an error message.
> > Would this work?
>
> No, because a concurrent user might have replaced seed.credit at just
> the wrong moment:
>
> readfile()
> readfile()
> unlink() = success
> createnewseed()
> unlink() = success
I see. Thank you.
_______________________________________________
busybox mailing list
busybox@busybox.net
http://lists.busybox.net/mailman/listinfo/busybox
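The interleaving Jason describes, replayed with real filesystem calls in one process so both outcomes can be checked, as an added example that is not code from BusyBox or from anyone in this thread. The seed directory is a constructed temporary directory and the seed contents are placeholders; `unlink_scheme_race` plays the two runs A and B step by step and shows that both unlink() calls succeed (so neither detects the other, and B deletes A's freshly written seed), while `flock_scheme_excludes` shows the patch's flock(LOCK_EX) on the directory descriptor refusing a second locker.

```python
import fcntl
import os
import tempfile

def _try_unlink(path):
    """unlink() as a concurrency probe: True on success, False on ENOENT (bail out)."""
    try:
        os.unlink(path)
        return True
    except FileNotFoundError:
        return False

def unlink_scheme_race(seed_dir):
    """Replay the thread's interleaving for two would-be seedrng runs A and B.
    Returns (A's unlink succeeded, B's unlink succeeded, seed file still exists)."""
    path = os.path.join(seed_dir, "seed.credit")
    with open(path, "wb") as f:
        f.write(b"old seed")  # constructed placeholder contents
    for _ in ("A", "B"):  # A: readfile()   B: readfile()   -- both see the old seed
        with open(path, "rb") as f:
            f.read()
    # A: unlink() = success, so A concludes it has no concurrent user
    unlink_a_ok = _try_unlink(path)
    # A: createnewseed()
    with open(path, "wb") as f:
        f.write(b"new seed written by A")
    # B: unlink() = success too, and B has just deleted A's fresh seed
    unlink_b_ok = _try_unlink(path)
    return unlink_a_ok, unlink_b_ok, os.path.exists(path)

def flock_scheme_excludes(seed_dir):
    """The patch's approach: flock(LOCK_EX) on the directory fd. A second open of
    the same directory cannot take the lock while the first one holds it."""
    dfd_a = os.open(seed_dir, os.O_DIRECTORY | os.O_RDONLY)
    fcntl.flock(dfd_a, fcntl.LOCK_EX)
    dfd_b = os.open(seed_dir, os.O_DIRECTORY | os.O_RDONLY)
    try:
        fcntl.flock(dfd_b, fcntl.LOCK_EX | fcntl.LOCK_NB)
        return False  # lock granted: no exclusion
    except BlockingIOError:
        return True   # EWOULDBLOCK: the directory lock serialises the runs
    finally:
        os.close(dfd_b)
        os.close(dfd_a)  # closing A's descriptor releases its flock

def run_demo():
    with tempfile.TemporaryDirectory() as d:
        return unlink_scheme_race(d), flock_scheme_excludes(d)
```

`run_demo()` returns `((True, True, False), True)`: both unlinks "succeed", the seed file is gone, and only the flock variant actually excludes the second run.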