Re: install.c: please set unlink_dest_before

bug-coreutils

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: install.c: please set unlink_dest_before_opening=false

From:	Jim Meyering
Subject:	Re: install.c: please set unlink_dest_before_opening=false
Date:	Thu, 01 Mar 2007 12:29:04 +0100

"Robert Millan [ackstorm]" <address@hidden> wrote:
> On Thu, Mar 01, 2007 at 11:46:09AM +0100, Jim Meyering wrote:
>>
>> The proposed change has another disadvantage.
>>
>> If we don't break destination hard links, then we must write
>> directly to the destination file, and that cannot be done atomically.
>> This would definitely have security implications, so we can't
>> change GNU install's default.
>
> Why would that have security implications?  Once you open the file for
> writing, nobody can do anything else with it.  From this POV, it is
> as if the write were atomical.

Someone can certainly read it.
Imagine we're installing a file that will serve as an access
control list.  Depending on the layout/semantics of the file,
letting processes use an incomplete copy might be
equivalent to granting access to everyone.

[Prev in Thread]

Current Thread

[Next in Thread]

Re: install.c: please set unlink_dest_before_opening=false, Jim Meyering, 2007/03/01
- Re: install.c: please set unlink_dest_before_opening=false, Robert Millan [ackstorm], 2007/03/01
  - Re: install.c: please set unlink_dest_before_opening=false, Jim Meyering <=
    - Re: install.c: please set unlink_dest_before_opening=false, Paul Eggert, 2007/03/02

Prev by Date: Re: install.c: please set unlink_dest_before_opening=false
Next by Date: Re: coreutils-6.8 does not compile
Previous by thread: Re: install.c: please set unlink_dest_before_opening=false
Next by thread: Re: install.c: please set unlink_dest_before_opening=false
Index(es):
- Date
- Thread