From mboxrd@z Thu Jan  1 00:00:00 1970
From: =?utf-8?B?SsO2cm4=?= Engel <joern@logfs.org>
Subject: Re: copyfile semantics.
Date: Wed, 6 May 2009 07:57:12 +0200
Message-ID: <20090506055712.GA7562@logfs.org>
References: <1241331303-23753-1-git-send-email-joel.becker@oracle.com> <1241331303-23753-2-git-send-email-joel.becker@oracle.com> <20090505010703.GA12731@shareable.org> <20090505071608.GB10258@mail.oracle.com> <20090505130114.GD17486@mit.edu> <20090505131907.GF25328@shareable.org> <1241530798.7244.65.camel@think.oraclecorp.com> <20090505153629.GB31100@shareable.org> <20090505164619.GA32180@logfs.org> <20090505214454.GP3209@webber.adilger.int>
Mime-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: QUOTED-PRINTABLE
Cc: Jamie Lokier <jamie@shareable.org>,
	Chris Mason <chris.mason@oracle.com>,
	Theodore Tso <tytso@mit.edu>, linux-fsdevel@vger.kernel.org,
	jmorris@namei.org, ocfs2-devel@oss.oracle.com,
	viro@zeniv.linux.org.uk
To: Andreas Dilger <adilger@sun.com>
Return-path: <linux-fsdevel-owner@vger.kernel.org>
Received: from lazybastard.de ([212.112.238.170]:38527 "EHLO
	longford.logfs.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
	with ESMTP id S1750702AbZEFF52 (ORCPT
	<rfc822;linux-fsdevel@vger.kernel.org>);
	Wed, 6 May 2009 01:57:28 -0400
Content-Disposition: inline
In-Reply-To: <20090505214454.GP3209@webber.adilger.int>
Sender: linux-fsdevel-owner@vger.kernel.org
List-ID: <linux-fsdevel.vger.kernel.org>

On Tue, 5 May 2009 15:44:54 -0600, Andreas Dilger wrote:
>=20
> > or copyfile() will also have to create a tempfile, rename the
> > tempfile when the copy is done and deal with all possible errors.  =
And
> > if the system crashes, who will remove the tempfile on reboot?  Wil=
l the
> > tempfile have a well-known name, allowing for easy DoS?  Or will it=
 be
> > random, causing much fun locating it after reboot.
>=20
> Maybe I'm missing something, but why do we need a tempfile at all?
> I can't imagine that people expect atomic semantics for copyfile(),
> any more than they expect atomic sematics for "cp" in the face of a
> crash.

In the case of cowlink() a tempfile is required when breaking the link.
Otherwise open() can result in the file disappearing or being truncated=
=2E
Rather unexpected.

If copyfile() doesn't try to be smart and does the actual copy when
being called, I could certainly live with half-written files.

J=C3=B6rn

--=20
"Security vulnerabilities are here to stay."
-- Scott Culp, Manager of the Microsoft Security Response Center, 2001
--
To unsubscribe from this list: send the line "unsubscribe linux-fsdevel=
" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html