From: gaetan.leurent@ens.fr (Gaëtan LEURENT)
Newsgroups: gmane.emacs.devel
Subject: Re: Race-condition ?
Date: Wed, 29 Jun 2005 00:57:00 +0200
To: rms@gnu.org
Cc: emacs-devel@gnu.org

Richard M. Stallman wrote on 27 Jun 2005 07:38:04 +0200:

> I think it may be too difficult to fix all the places
> that do this, but would you like to try fixing one or two
> as a first step?

In fact, doing the right thing is not as obvious as I thought. I've looked at various implementations of mv and cp (from GNU, OpenSolaris, OpenBSD and FreeBSD) and at the Single Unix Specification, and almost each one uses a subtly different way, and they all allow some kind of race-condition. Some (including GNU mv and GNU cp) even use chown and chmod in the same unsafe way that we did previously, so I will report that to them.

Now, as far as I can tell, there is no way to move a file, asking the user what to do if needed, and avoid every race-condition in a Unix-like OS. I will try to come up with a solution that avoids the worst problems.

Another question is to decide what to do when the destination file exists: we can either overwrite it or remove it and create a new one. Those two ways will have different effects if the file we overwrite/remove has a link count > 1. The current Emacs implementation uses "overwrite mode" in copy and "remove mode" in rename if it is in the same filesystem, but cross-filesystem rename uses the "overwrite mode". We should maybe do something more consistent. FWIW, the Single Unix Specification asks that mv removes the file, and cp overwrites it (but some implementations don't strictly follow this rule).

In the case of copy, I think we can do it without race-conditions using open in O_EXCL|O_CREAT mode, and if it fails, using unlink and trying again. That would mean using the "remove mode". In fact the "overwrite mode" is unsafe as soon as someone can replace the file with a hardlink to something else.

-- 
Gaëtan LEURENT
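
The copy approach described in the message above (open with O_EXCL|O_CREAT, then unlink and retry on failure), as an added C example that is not part of the original message and is not Emacs code. The function names, the retry bound and the use of fchmod on the descriptor instead of chmod on the path are assumptions of this example.

```c
#include <errno.h>
#include <fcntl.h>
#include <sys/stat.h>
#include <unistd.h>

/* Added example; function names and the retry bound are assumptions.
   "Remove mode": O_CREAT|O_EXCL fails with EEXIST if DST already names
   anything (file, symlink, hard link), so we never write through an
   existing inode.  Returns an fd, or -1 with errno set.  */
int
open_dest_remove_mode (const char *dst, mode_t mode)
{
  for (int attempt = 0; attempt < 8; attempt++)
    {
      int fd = open (dst, O_WRONLY | O_CREAT | O_EXCL, mode);
      if (fd >= 0 || errno != EEXIST)
        return fd;
      /* Drop the name only; other hard links keep the old contents.  */
      if (unlink (dst) != 0 && errno != ENOENT)
        return -1;
    }
  errno = EEXIST;   /* the name kept reappearing: give up */
  return -1;
}

/* Copy SRC to DST in remove mode.  Returns 0 on success, -1 on error.  */
int
copy_file_remove_mode (const char *src, const char *dst)
{
  struct stat st;
  char buf[8192];
  ssize_t n = 0;
  int in = open (src, O_RDONLY);
  if (in < 0) return -1;
  /* Create owner-only; the final mode is set on the descriptor (fchmod),
     not on the path (chmod), so it applies to the file we created.  */
  int out = fstat (in, &st) == 0 ? open_dest_remove_mode (dst, 0600) : -1;
  int ok = out >= 0;
  while (ok && (n = read (in, buf, sizeof buf)) > 0)
    for (ssize_t off = 0; ok && off < n;)
      {
        ssize_t w = write (out, buf + off, n - off);
        if (w < 0) ok = 0; else off += w;
      }
  ok = ok && n == 0 && fchmod (out, st.st_mode & 0777) == 0;
  close (in);
  if (out >= 0 && close (out) != 0) ok = 0;
  return ok ? 0 : -1;
}
```

If another process recreates the name between unlink and open, the exclusive open fails again and the loop retries, so the data is only ever written to a file this call created.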