Re: request-route

Zoltan Hidvegi (hzoli@FRONTIERNET.NET)
Fri, 01 Aug 1997 01:12:23 -0400

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Casper Dik: "Re: request-route"
Previous message: Chris Terry: "perl fingerd stupidity"

John Macdonald wrote:
> The point remains that "ln" is no worse than "mkdir" - either
> they both can be used directly or else "ln" can be made to work
> in the face of false NAKs while "mkdir" cannot be so made.
> There is no reason to prefer using "mkdir". If you are going to
> have to deal many NFS implementations, some of which might be
> old or buggy, then there is a reason to prefer "ln".

The reason that you might still want to use mkdir, where this whole
thread originally started, is that from a Bourne shell script, there is
no safe way to write to a file in a world-writable directory. Even if
you create the lock file with ln, you will have to create the temporary
lock file which you link and if your shell does not have some strong
random number generator, it is easy for an attacker to guess the
temporary lock name.

Therefore, the safest way to create a lock from a shell is to create a
directory (not forgetting umask 077 before that), create the temporary
lock file in the new directory, link that temporary lock to the real lock
and remove the temporary file and directory. That way you get all the
benifits ln and your shell script will be safe.

Zoltan

Next message: Casper Dik: "Re: request-route"
Previous message: Chris Terry: "perl fingerd stupidity"