In article <20141018221947.ga2...@apb-laptoy.apb.alt.za>, Alan Barrett <a...@cequrux.com> wrote: >On Wed, 15 Oct 2014, Christos Zoulas wrote: >>Modified Files: >> src/bin/sh: redir.c >> >>Log Message: >>PR/48201: Miwa Susumu: Fix set -C (no clobber) for POSIX; from FreeBSD >>Can't use O_EXCL because of device nodes; also truncate. > >There are some TOCTOU races in this code, where something about >the file could change in between the stat() and the open(). > >Some ideas: > >1. Keep the new code, with its races, but also verify that st_dev >and st_ino values remain unchanged between the stat() before >opening the file, and fstat() after opening the file. > >2. Try open() with O_EXCL first, and fall back to racy code with >stat() only if the first open(O_EXCL) fails. Also use fstat() to >check that st_dev/st_ino do not change. > >3. Invent one or more open(2) flags, such as O_SPECIAL for "must >be a device or other special file, must not be a plain file or a >directory". First try open(O_EXCL), and if that fails then try >open(O_SPECIAL).
Well, we could try to open without O_CREAT first, for device nodes it should succeed, if it fails do the O_EXCL thingy. I think open has enough flags. christos
