Re: install.c: please set unlink_dest_before_opening=false
From: Jim Meyering
Subject: Re: install.c: please set unlink_dest_before_opening=false
Date: Thu, 01 Mar 2007 12:29:04 +0100

"Robert Millan [ackstorm]" <address@hidden> wrote:
> On Thu, Mar 01, 2007 at 11:46:09AM +0100, Jim Meyering wrote:
>>
>> The proposed change has another disadvantage.
>>
>> If we don't break destination hard links, then we must write
>> directly to the destination file, and that cannot be done atomically.
>> This would definitely have security implications, so we can't
>> change GNU install's default.
>
> Why would that have security implications? Once you open the file for
> writing, nobody can do anything else with it. From this POV, it is
> as if the write were atomical.

Someone can certainly read it.

Imagine we're installing a file that will serve as an access
control list. Depending on the layout/semantics of the file,
letting processes use an incomplete copy might be
equivalent to granting access to everyone.
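
The reader-visible difference discussed in this message, as an added example that is not part of the original thread and is not GNU install's code: one routine writes directly to the destination (keeping its inode and any hard links), the other writes a temporary file and renames it over the destination, which is one common way to get an atomic replacement. The function names, the `.tmp` suffix, the `acl.demo` scratch file and the ACL text are all constructed for illustration, and the two-part write stands in for a slow copy.

```c
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* What a concurrent reader gets from a fresh open() of path right now. */
static ssize_t snapshot(const char *path, char *buf, size_t cap) {
    int fd = open(path, O_RDONLY);
    ssize_t n = fd < 0 ? -1 : read(fd, buf, cap - 1);
    if (fd >= 0) close(fd);
    buf[n > 0 ? n : 0] = '\0';
    return n;
}

/* Write data in two halves; in between, record what a reader of `watch` sees. */
static int write_halves(const char *path, int flags, const char *data,
                        const char *watch, char *seen, size_t cap) {
    size_t len = strlen(data), half = len / 2;
    int fd = open(path, flags, 0600);
    if (fd < 0) return -1;
    int ok = write(fd, data, half) == (ssize_t)half;
    snapshot(watch, seen, cap);               /* reader arrives mid-copy */
    ok = ok && write(fd, data + half, len - half) == (ssize_t)(len - half);
    ok = ok && fsync(fd) == 0;
    return (close(fd) == 0 && ok) ? 0 : -1;
}

/* Keeps the destination inode (hard links survive); readers see a partial file. */
int install_in_place(const char *dest, const char *data, char *seen, size_t cap) {
    return write_halves(dest, O_WRONLY | O_CREAT | O_TRUNC, data, dest, seen, cap);
}

/* New inode renamed over dest: the name always resolves to a complete file. */
int install_by_rename(const char *dest, const char *data, char *seen, size_t cap) {
    char tmp[4096];
    snprintf(tmp, sizeof tmp, "%s.tmp", dest);
    if (write_halves(tmp, O_WRONLY | O_CREAT | O_EXCL, data, dest, seen, cap) == 0
        && rename(tmp, dest) == 0)
        return 0;
    unlink(tmp);
    return -1;
}

int main(void) {   /* constructed sample ACL written to a scratch file in cwd */
    char seen[64];
    install_in_place("acl.demo", "allow alice\nallow bob\ndeny *\n", seen, sizeof seen);
    printf("mid-copy reader saw: [%s]\n", seen);
    return unlink("acl.demo");
}
```

With the sample ACL, the mid-copy reader of the in-place write gets a file that has no `deny *` line yet, while the rename variant only ever exposes the complete old file or the complete new one.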