From mboxrd@z Thu Jan 1 00:00:00 1970 X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on inbox.vuxu.org X-Spam-Level: X-Spam-Status: No, score=-3.4 required=5.0 tests=DKIM_SIGNED,DKIM_VALID, DKIM_VALID_AU,FREEMAIL_FROM,MAILING_LIST_MULTI,RCVD_IN_DNSWL_MED, UNPARSEABLE_RELAY autolearn=ham autolearn_force=no version=3.4.4 Received: (qmail 19170 invoked from network); 9 Oct 2020 21:40:48 -0000 Received: from zero.zsh.org (2a02:898:31:0:48:4558:7a:7368) by inbox.vuxu.org with ESMTPUTF8; 9 Oct 2020 21:40:48 -0000 ARC-Seal: i=1; cv=none; a=rsa-sha256; d=zsh.org; s=rsa-20200801; t=1602279648; b=DTyikpP0yfe7YRF7t3ieWXjSP2x5Hm6QiyMOgOn3L35MsrjLgRw8xLzclHglFPq4WizBNh0XPH qWAglDIqhHDdL1CxhN1pBrL8/EJFv1EPjjU6vkjlxHSf++a8b0jluNxKPENnXW7nGQZjaGV+g/ JP8t5wvKY+abck0ninEZ1op1q4+Pq3GJ/szA2Tsguc+kbnRYhLOBEkrVduUyW3+vS280JhobOX gf08CKkUy2nI7NgftHBop7aJlHPeuuSclGxG7i9oPERf4GxuLOQPOCUMB3q/w7SPgLUXOPswil evGn+ReDbW0uH1plyCsbil+a+uav9WeBo+u6TusAK3Zaog==; ARC-Authentication-Results: i=1; zsh.org; iprev=pass (mail-ot1-f68.google.com) smtp.remote-ip=209.85.210.68; dkim=pass header.d=gmail.com header.s=20161025 header.a=rsa-sha256; dmarc=pass header.from=gmail.com; arc=none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed; d=zsh.org; s=rsa-20200801; t=1602279648; bh=ROMNQwyjTveQluiuh56XuzuNWcM6TWmuDF4pcvjzWHQ=; h=List-Archive:List-Owner:List-Post:List-Unsubscribe:List-Subscribe:List-Help: List-Id:Sender:In-Reply-To:Content-Type:MIME-Version:References:Message-ID: Subject:To:From:Date:DKIM-Signature:DKIM-Signature; b=IhzH0Pg0Ceh5IJojY6T1N642F7jDEcMD7OJKM/RH7p8PGoWDxgF3cWDqjO2oHI3vvI8/0emXfO xhFpGdSJh2hqptXlerqJ2uFJSiyfmXlqDz36wT9k20XihP7A1Xp05xNnupJEQ5ePYdme5PmbfZ DewsxwrS0rQ1v7X2TFqHhETEmkGXTOMzYnHPtxS1JWNxGdhDxI++dAH+C83TUiRxh/bu8i2lT4 F+JUehF6VjanKBIWVgIQIJlI0v+jUYKH86fH4s3N08SjuXH/B9/suG6ShvhHLjk1J+HmVGcw44 qkh5C5MCWp+DcN1BPqkzllgOQBXfu7cIGjsQnF7s6cL4Gg==; DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=zsh.org; s=rsa-20200801; h=List-Archive:List-Owner:List-Post:List-Unsubscribe: List-Subscribe:List-Help:List-Id:Sender:In-Reply-To:Content-Type:MIME-Version :References:Message-ID:Subject:To:From:Date:Reply-To:Cc: Content-Transfer-Encoding:Content-ID:Content-Description:Resent-Date: Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID; bh=N0bGAjNVUEsNCq3ay2nK2ZD6E+XoOonjdBePgDSBAuQ=; b=NKMrGYqXUtZIbq+rX+a2qdf6+g Y9yJLYn9UId1Jaw9K3Yjqa586PubrIsLCjO6OlYd5EMryraFlyrg/D5Thh3e3wtEoyk1+c5NqcwL0 5J6sBihFLVOYuRZv2XuZp2wT9cqDjpTgLs6YWE6O4rkNzOupTGZsjkSKZBotWWnfSasMP/U35bi7l VpmMepAbO34GR7BvgBhmdMPJRoAQxirAmja+7jXlkPEn3kwNRdCFPGuMGTeOEx82PBmZzoiwi1Y9/ amwjTh+vutmoDPPuI3GUHoTu8Ioe+tFbzPK0/MO7NjKSi4eAzmfcUoQPJPB3oIppB/c1ASXlyW+wU MBLn5Ifw==; Received: from authenticated user by zero.zsh.org with local id 1kR082-000KlS-8G; Fri, 09 Oct 2020 21:40:42 +0000 Authentication-Results: zsh.org; iprev=pass (mail-ot1-f68.google.com) smtp.remote-ip=209.85.210.68; dkim=pass header.d=gmail.com header.s=20161025 header.a=rsa-sha256; dmarc=pass header.from=gmail.com; arc=none Received: from mail-ot1-f68.google.com ([209.85.210.68]:33009) by zero.zsh.org with esmtps (TLS1.3:TLS_AES_128_GCM_SHA256:128) id 1kR07i-000KdG-1L; Fri, 09 Oct 2020 21:40:22 +0000 Received: by mail-ot1-f68.google.com with SMTP id t15so10358905otk.0 for ; Fri, 09 Oct 2020 14:40:21 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=date:from:to:subject:message-id:mail-followup-to:references :mime-version:content-disposition:in-reply-to; bh=N0bGAjNVUEsNCq3ay2nK2ZD6E+XoOonjdBePgDSBAuQ=; b=VDbKjYPxq0V7pWOMof5jg2WuLS4VzrxGO+sE3kHOz4QWBrXs3pcb6mbTai+FbKPZ2F 62Y/CntnEm8NnKkq3j0flsOMY+NNadBn0fF2/jXE+u3Ocou2R2sdBpH4VAYCYDL0dFW+ 7qYiGVcGHXUKSeNlqDQYyNAlgmLPHOCPc+Ez23DVEDKXWdbfa+oKkpWRp9rDRizyxeMv vnZnq64/PV/vRr3MHYb0tUWuhd0v3aF3a+as60GMrl7veoJtEa1jFrvGeFGmw8Dj+HQ+ r1aTHHK4buB0A0ipDMUT/PkqbGoQMCIrvx9PczdCnVtcgkj4Fdk6umLXYwwbGPSFrJ+z EQnQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:from:to:subject:message-id:mail-followup-to :references:mime-version:content-disposition:in-reply-to; bh=N0bGAjNVUEsNCq3ay2nK2ZD6E+XoOonjdBePgDSBAuQ=; b=RNBVVFCtLt7I3RBahA9HTX2/GZR7gNLi3LRM9az5iY1GrHQrYx/54Trdbni4U6VgPy m9vc43Ep6vGk0QFPEfcr7XfyMXpxztg+3LaarDC8lslW7iW+FmC9XBSbsUY6kPQ/MnWk UkAsvDtZQjC7BHzqgbg6yK84maLslqXiowbm888g/ZKBtpqyExQ0puzbyZKtOORUZf3K uuqNoco91s6TyV+a7W5dtiOjv8eAceEqYx9ZvWrCKg+NniZ7WkdmQ/JGMoECacgHF4+Q QaduKkCZzVlvMf7Exj/5ztYk842YxzTIoTEU9AkqslGB+WGR7bf0ce7sSZm+MUqaRpRJ ykAQ== X-Gm-Message-State: AOAM531WBZXoZvfHfTIxLdhwtJcGrAyZZGMRQngLOFGwkeiD7e2mS0Xe yqsV3lHzab2yB8y9iecf/4rFzeMGqfo= X-Google-Smtp-Source: ABdhPJx8TIJgSQpOO9Spcvsl2gJdGL661rO4zSS72uHN7Bbm124TCORkJo8YTqKKLO/3nAX7wyPO6Q== X-Received: by 2002:a9d:27a2:: with SMTP id c31mr10422836otb.293.1602279620474; Fri, 09 Oct 2020 14:40:20 -0700 (PDT) Received: from CptOrmolo.darkstar (cpe-70-113-147-195.tx.res.rr.com. [70.113.147.195]) by smtp.gmail.com with ESMTPSA id u2sm7592945oig.48.2020.10.09.14.40.19 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 09 Oct 2020 14:40:19 -0700 (PDT) Date: Fri, 9 Oct 2020 16:40:18 -0500 From: Matthew Martin To: zsh-workers@zsh.org Subject: Re: [patch] Avoid race in zf_mkdir Message-ID: <20201009214018.GB6449@CptOrmolo.darkstar> Mail-Followup-To: zsh-workers@zsh.org References: <20201009200737.GA78914@CptOrmolo.darkstar> <20201009205357.GA6449@CptOrmolo.darkstar> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: X-Seq: 47443 Archived-At: X-Loop: zsh-workers@zsh.org Errors-To: zsh-workers-owner@zsh.org Precedence: list Precedence: bulk Sender: zsh-workers-request@zsh.org X-no-archive: yes List-Id: List-Help: List-Subscribe: List-Unsubscribe: List-Post: List-Owner: List-Archive: Archived-At: On Fri, Oct 09, 2020 at 11:22:00PM +0200, Roman Perepelitsa wrote: > Perhaps something like this? This should provide the following > guarantees for zf_mkdir -p: > > - If it succeeds, the directory must have existed at some point during > the execution of the function (either created by zf_mkdir itself or by > some other concurrent process). > - If it fails, there must have been a point in time during the > execution of the function where the target directory or one of its > parents didn't exist and it was impossible to create it. > > `zf_mkdir -p foo` It should work as expected in the face of concurrent > `mkdir foo && rmdir foo` or `touch foo && rm foo`. > > I confess that I haven't tested it. > > Roman. > diff --git a/Src/Modules/files.c b/Src/Modules/files.c > index 6d20e38a8..a9ccccb8b 100644 > --- a/Src/Modules/files.c > +++ b/Src/Modules/files.c > @@ -122,19 +122,28 @@ domkdir(char *nam, char *path, mode_t mode, int p) > { > int err; > mode_t oumask; > + struct stat st; > char const *rpath = unmeta(path); > > - if(p) { > - struct stat st; > - > - if(!stat(rpath, &st) && S_ISDIR(st.st_mode)) > + while(1) { > + oumask = umask(0); > + err = mkdir(rpath, mode) ? errno : 0; > + umask(oumask); > + if (!err) > + return 0; > + if(!p || err != EEXIST) > + break; > + if(!stat(rpath, &st)) { > + if(errno == ENOENT) > + continue; For a sufficiently well timed attacker, the target could be created and deleted so that this loop never exits. Even if pathological, I don't think it should be possible for mkdir to loop forever. > + err = errno; > + break; > + } > + if(S_ISDIR(st.st_mode)) > return 0; > + break; > } > - oumask = umask(0); > - err = mkdir(rpath, mode) ? errno : 0; > - umask(oumask); > - if(!err) > - return 0; > + > zwarnnam(nam, "cannot make directory `%s': %e", path, err); > return 1; > }