[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Pan-users] Re: Connections [Is it hiding a security hole?]
|
From: |
Per Hedeland |
|
Subject: |
Re: [Pan-users] Re: Connections [Is it hiding a security hole?] |
|
Date: |
Sun, 17 Aug 2008 12:38:46 +0200 (CEST) |
Duncan <address@hidden> wrote:
>
>Per Hedeland <address@hidden> posted
>address@hidden, excerpted below, on Sun,
>17 Aug 2008 01:53:55 +0200:
>
>> And of course Pan doesn't delete (and re-create) the file out of an evil
>> desire to circumvent the lack of write permissions on the file, it's
>> pretty much standard procedure when you update config files and the like
>> programatically. I.e. you create a *new* file (say servers.xml.tmp),
>> write the data to that, and then 'mv' (or rather rename()) it over the
>> old one. This has several advantages, notably that you don't end up with
>> a mess if the writing fails for some reason, and that the change is
>> atomic, i.e. there is never a file which is half-old and half-new.
>
>Well stated. =8^)
Thanks:-) - though having written it, I actually had some doubt: I seem
to recall that you can end up with a number of files in ~/.pan2 being
zero size if the file system it's in happens to be full at an
inopportune moment (I even seem to recall that it has happened to me).
This is of course precisely the thing that a program should be able to
avoid by using the above technique - so either I misremember, or Pan is
using the technique but not taking advantage of it (i.e. renaming the
new file to the old name even if there was a problem writing the new one
- maybe not even checking the return values from write(2) or whatever
it's using for the writing).
--Per
[Pan-users] Re: Connections [Is it hiding a security hole?], Duncan, 2008/08/16