httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jim Jagielski <...@jaguNET.com>
Subject Re: FLOCK stuff
Date Tue, 04 Nov 1997 21:26:52 GMT
Jim Jagielski wrote:
> 
> Dean Gaudet wrote:
> > 
> > You would want to open() once per child rather than doing it in
> > mutex_on()...  It has all the same DoS attacks that sysvsems do... which
> > sucks.  If fcntl() works on these platforms we should just use that and
> > ditch flock. 
> > 
> 
> Yeah... having the child initial phase create the lockfile would be
> best and I looked into that (actually creating a child_mutex_init()
> function) but the limitations of everything that it entails is
> nasty.
> 
> Now _maybe_ what we can do is do the open() while still as root
> but I'm not sure if, after we changed uid's we'll still be able to
> flock. If so, then that's the way to go.
> 

Aha! That's it. As far as I can tell, that works. For your own
tests, here's what I used. I created a subdir called secret and made
it owned by root, mode 700. I then ran the code as root... flock
worked. Sooooo, let's get some testing and, if this works on other
systems, I can fold my patches in.

/*
 * Bare-bones flocking case
 */
#include <sys/file.h>
#include <sys/errno.h>
#include <errno.h>
#include <stdio.h>
#include <unistd.h>
#include <string.h>
#define LOCKFILE "./secret/lockfile"
int
main(int argc, char **argv)
{
    int fd;
    printf("Starting flock test...\n");

    if (fork() == 0) {
	/* child */
	fd = open(LOCKFILE, O_WRONLY | O_CREAT, 0666);
	setuid(1);
	flock(fd, LOCK_EX);
	sleep(20);
	printf("flock test done...\n");
	exit(0);
    }
    if (fork() == 0) {
	/* child */
	sleep(5);
	fd = open(LOCKFILE, O_WRONLY | O_CREAT, 0666);
	setuid(1);
	if (flock(fd, LOCK_EX | LOCK_NB) == -1) {
	    if (errno == EWOULDBLOCK)
		printf("flock works fine.\n");
	    else
		printf("flock fails: %s\n", strerror(errno));
	} else
	    printf("flock doesn't work.\n");
	exit(0);
    }
    if (fork() == 0) {
	/* child */
	sleep(10);
	fd = open(LOCKFILE, O_WRONLY | O_CREAT, 0666);
	setuid(1);
	if (flock(fd, LOCK_EX | LOCK_NB) == -1) {
	    if (errno == EWOULDBLOCK)
		printf("flock works fine.\n");
	    else
		printf("flock fails: %s\n", strerror(errno));
	} else
	    printf("flock doesn't work.\n");
	exit(0);
    }
}


-- 
====================================================================
      Jim Jagielski            |       jaguNET Access Services
     jim@jaguNET.com           |       http://www.jaguNET.com/
            "Look at me! I'm wearing a cardboard belt!"

Mime
View raw message