Re: [Nano-devel] reducing system calls for file io

[Jay Carlson]

(thanks for the commit)

On Sunday, April 21, 2002, at 09:59 PM, David Benbennick wrote:

> On Sun, Apr 21, 2002 at 02:40:52PM -0400, Jay Carlson wrote:    <snip>
> > In order to keep the current tight control over open() options, file
> > descriptors are open()ed and then converted to FILE * via fdopen().
>
> It appears that the only "tight control" over open() not available to
> fopen() is the "mode" parameter.  But nano sets the modes later with
> chmod() anyway.  Thus, I think it would be fine to replace each open()
> with fopen().

There's O_EXCL for temporary files; I don't see a good way around that 
one.

Incidentally, there's still a denial-of-service race for temporary 
files.  We make a pathname up by opening paths exclusively in 
safe_tempnam until we find one, and then close it.  A bit later in 
write_file we attempt to open that name exclusively.  A bad person could 
have 1) found the file name we were planning to use and 2) created a 
file with the same name between the time we decided on the name and 
opened it again for real; this makes our O_EXCL open fail.  Of course, 
the user will be told the open failed, and will get another chance to 
try the operation, so it's not like this is going to lead to exploits.

I kinda think write_file is getting too big.  It could be refactored into

int write_buffer(FILE *f, const char 
*name_for_display_in_diagnostics); /* returns line count or -1 on 
errors */

/* following are responsible for opening and closing the FILE * */

int write_file(const char *name, int want_namechange);
int write_file_prepend(const char *name, int want_namechange);
int write_file_append(const char *name, int want_namechange);
int write_temporary_file(char *name /* filled in for you */);

I don't understand the namechange stuff though, and I gotta go get on a 
plane.

Jay