[PATCH] g10: Fix a race condition initially creating trustdb

NIIBE Yutaka gniibe at fsij.org
Wed May 20 02:19:03 CEST 2015


On 05/19/2015 08:01 PM, NIIBE Yutaka wrote:
> This is a fix for the issue 1675:
>     https://bugs.gnupg.org/gnupg/issue1675

Sorry, the fix of mine is immature, there is still a race between
initial creators (two processes could try to create initial
trustdb.gpg, as checking by access(2) is done with no lock).  I'll
post an updated version soon.

> I read through the code for trustdb.gpg.  If I read the code
> correctly, it implements mutual exclusions between write accesses to
> trustdb.gpg, but there are still races between:
> 
>   * writing to trustdb.gpg
> 
>   * reading from trustdb.gpg

When writing this message, I assumed that write(2) could be non-atomic
(depending on the file system), when the access is at the boundary of
block size.  In this (wrong) theory, read(2) from another process
would see inconsistent data.  (Since TRUST_RECORD_LEN=40, I had a
concern.  If its size were 32 or 64, I would not have.)

I checked POSIX and it seems the atomicity is guaranteed:

    http://pubs.opengroup.org/onlinepubs/9699919799/functions/write.html

So, I don't need to care.

But, at least with ext4 in 2011, we had an issue:

    http://thread.gmane.org/gmane.comp.file-systems.ext4/24425
--
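
Added example, not part of the original message and not GnuPG's code: one way to close the check-then-create window described above is to build the initial file under a private name and publish it with link(2), which fails with EEXIST if another creator got there first. The function names, the demo path and the placeholder record contents are assumptions made for this sketch.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <sys/wait.h>
#include <unistd.h>

#define RECORD_LEN 40 /* record size named in the message (TRUST_RECORD_LEN) */

/* Create the file only if it does not exist yet.
   Returns 1 if this caller created it, 0 if it already existed, -1 on error. */
int create_db_once(const char *path)
{
    unsigned char rec[RECORD_LEN] = { 1 }; /* constructed placeholder record */
    char tmp[4096];
    int fd, ok, rc;

    snprintf(tmp, sizeof tmp, "%s.tmp.%ld", path, (long)getpid());
    fd = open(tmp, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd < 0)
        return -1;
    ok = write(fd, rec, sizeof rec) == (ssize_t)sizeof rec;
    if (close(fd) != 0 || !ok) {
        unlink(tmp);
        return -1;
    }
    /* No separate access(2) check: link(2) tests and creates in one step,
       and the file is already complete when it becomes visible. */
    rc = link(tmp, path) == 0 ? 1 : (errno == EEXIST ? 0 : -1);
    unlink(tmp);
    return rc;
}

/* Fork n concurrent creators; return how many report having created it. */
int count_creators(const char *path, int n)
{
    int winners = 0, status, i;
    for (i = 0; i < n; i++)
        if (fork() == 0)
            _exit(create_db_once(path) == 1 ? 1 : 0);
    while (wait(&status) > 0)
        if (WIFEXITED(status) && WEXITSTATUS(status) == 1)
            winners++;
    return winners;
}

int main(void)
{
    const char *path = "/tmp/trustdb-demo"; /* constructed demo path */
    printf("creators that won: %d\n", count_creators(path, 8));
    return unlink(path) != 0;
}
```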