From: Scott James Remnant
Date: Tue, 25 Aug 2009 16:08:13 +0000
Subject: Re: [security] Race condition in udev
Message-Id: <1251216493.4175.71.camel@quest>
References: <20090821102407.GA29609@florz.florz.dyndns.org>
In-Reply-To: <20090821102407.GA29609@florz.florz.dyndns.org>
To: linux-hotplug@vger.kernel.org

On Tue, 2009-08-25 at 16:22 +0200, Florian Zumbiehl wrote:

> > > > > well, in those two cases always rename()ing the new node into place would
> > > > > work, too!? That would be a different strategy than what's in
> > > > > place at the moment, but it wouldn't need a special case!?
> > > > >
> > > > The rename() will fail.
> > >
> > > Because?
> > >
> > POSIX.
>
> More specifically?
>
> And anyhow, I thought we were talking about the Linux kernel?!
>
If you don't know why rename() might fail, you really shouldn't be
mucking around with this kind of code.

> > > > > > Or when racing with devmapper which creates /dev/mapper/foo devices at
> > > > > > basically the same time as udev.
> > > > >
> > > > > Seriously? How is a piece of code that does the existence check and
> > > > > the subsequent action depending on the result of that check non-atomically
> > > > > supposed to help avoid some race condition resulting from possible
> > > > > concurrent creation of a device node?!
> > > > >
> > > > Read the code and find out. It works.
> > >
> > > Guess how I found out that it can not work.
> > >
> > I don't know, you haven't given any detail of any problems you've
> > encountered.
>
> I haven't "encountered any problems", nor have I claimed to have
> "encountered any problems".
>
> You stated that the codepath in udev-node.c for the case when a
> device node does already exist was somehow there for the case
> when udev races with devmapper. I noted that that codepath is not
> of any use in such a case, and that your argument thus is invalid.
>
Since I wrote this code, and the code in devmapper, and have not only
strenuously tested it; but have at least 18 million for whom it works
every day, I'd argue that my argument is quite valid ;-)

Scott
-- 
Scott James Remnant
scott@canonical.com
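
The two strategies contrasted in the quoted exchange (an existence check followed by creation, versus always rename()ing a freshly created node into place), as an added example that is not part of the thread and is not udev's code. Assumptions: FIFOs in a scratch directory stand in for device nodes so no root is needed, and `place_check_then_act` / `place_rename` are hypothetical names; the directory-in-the-way case shows one documented rename() failure and how the caller sees it.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Added example, not udev code; FIFOs stand in for device nodes. */
/* Check, then act. Returns 0 if created, 1 if the path already existed,
 * -errno on error. The lstat() answer can be stale when mkfifo() runs. */
int place_check_then_act(const char *path, mode_t mode)
{
    struct stat st;
    if (lstat(path, &st) == 0)
        return 1;               /* whatever is there is left untouched */
    /* window: another process may create `path` at this point */
    return mkfifo(path, mode) < 0 ? -errno : 0;   /* -EEXIST if raced */
}

/* Create under a temporary name in the same directory, then rename() into
 * place. Returns 0 on success, -errno on error (temporary node removed). */
int place_rename(const char *path, mode_t mode)
{
    char tmp[4096];
    int n = snprintf(tmp, sizeof(tmp), "%s.tmp-%ld", path, (long)getpid());
    if (n < 0 || (size_t)n >= sizeof(tmp))
        return -ENAMETOOLONG;
    if (mkfifo(tmp, mode) < 0)
        return -errno;
    if (rename(tmp, path) < 0) {    /* e.g. EISDIR: a directory is in the way */
        int err = errno;
        unlink(tmp);
        return -err;
    }
    return 0;
}

int main(void)
{
    char dir[] = "/tmp/node-demo-XXXXXX", path[64];  /* constructed scratch dir */
    if (!mkdtemp(dir)) return 1;
    snprintf(path, sizeof(path), "%s/node", dir);
    mkdir(path, 0700);                     /* stale entry: a directory */
    printf("check-then-act: %d\n", place_check_then_act(path, 0600));
    printf("rename onto directory: %d\n", place_rename(path, 0600));
    rmdir(path);
    rmdir(dir);
    return 0;
}
```

With a regular file or FIFO already at the destination, `place_check_then_act` returns 1 and leaves it alone, while `place_rename` replaces it in a single step.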