httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Marc Slemko <ma...@worldgate.com>
Subject Re: cvs commit: apachen/htdocs/manual/mod core.html
Date Tue, 23 Dec 1997 00:29:25 GMT
No, I mean unlink()ing before trying to open it.  

On Mon, 22 Dec 1997, Jim Jagielski wrote:

> Marc Slemko wrote:
> > 
> > On 22 Dec 1997 marc@hyperreal.org wrote:
> > 
> > >   	- add warning about possible denial of service attack with
> > >   	  LockFile in world writable directory
> > 
> > This is only possible with fcntl serialized accept because 
> > flock serialized accept does an explicit unlink().
> 
> Both do an unlink() but the fcntl() version does one as soon as
> the file's open; the flock(), due to the way flock() works on
> vnodes/filenames, cannot be unlink()ed until the server dies.
> 
> > 
> > Is probably worth fixing by having flock serialized accept unlink
> > it as well before starting.  The only risk here is that we could
> > unlink a file we shouldn't, but...
> 
> Except that having the file unlink()ed causes the mutex to fail.
> The current setup is the only one that works with flock()... :/
> 
> -- 
> ====================================================================
>       Jim Jagielski            |       jaguNET Access Services
>      jim@jaguNET.com           |       http://www.jaguNET.com/
>             "Look at me! I'm wearing a cardboard belt!"
> 


Mime
View raw message