OT: file operations atomicity (was: Re: Re: gpg doesn't fail on target file existing when decrypting)

Sven Radde email at sven-radde.de
Tue Mar 17 14:00:18 CET 2009


Hi!

Andrew Flerchinger wrote:
>> 1. Use mktemp to safely create a new, unique file
>> 2. Send the decryption output to that file
>> 3. Test if the "real" file exists, and if so unlink it
>> 4. mv $newfile $realfilename
>>     
> You're right, I could do that to make my work-around act atomic.
Be careful, this is not necessarily atomic. You're assuming transactions
where no such thing exists.
If the system crashes at the wrong moment, you would have the real file
unlinked and the renaming has not yet taken place. It might even be the
case that the tempfile is not even persisted to disc.

I am not making this up, see for example the current discussion about
the EXT4 data loss issue:
<http://www.h-online.com/open/Possible-data-loss-in-Ext4--/news/112821>

cu, Sven
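
The crash window described above, closed in shell, as an added example that is not part of the original post: the temp file lives in the target's directory, is flushed before the rename, and is renamed over the target with no unlink step. `atomic_replace` is a hypothetical helper name; flushing a single file with `sync FILE` assumes GNU coreutils 8.24 or later, with a global `sync` as fallback.

```shell
#!/bin/sh
# Usage: atomic_replace TARGET COMMAND [ARGS...]
# Runs COMMAND with stdout going to a temp file, then renames it over TARGET.
# After a crash, TARGET holds either the complete old or the complete new
# content. atomic_replace is a hypothetical name used for this example.
atomic_replace() {
    target=$1
    shift
    dir=$(dirname -- "$target")

    # Temp file in the SAME directory: rename(2) is atomic only within one
    # filesystem; across filesystems mv degrades to copy + unlink.
    # mktemp creates it with mode 0600, which the new TARGET inherits.
    tmp=$(mktemp "$dir/.tmp.XXXXXX") || return 1

    # If the producer fails, discard the partial output and leave TARGET alone.
    if ! "$@" > "$tmp"; then
        rm -f -- "$tmp"
        return 1
    fi

    # Flush the data blocks BEFORE the rename, so the new name can never
    # point at an empty or partial file after a crash.
    sync "$tmp" 2>/dev/null || sync

    # No unlink of TARGET first: the rename replaces it in a single step.
    if ! mv -f -- "$tmp" "$target"; then
        rm -f -- "$tmp"
        return 1
    fi

    # Flush the directory so the rename itself is persisted.
    sync "$dir" 2>/dev/null || sync
}
```

Called as `atomic_replace plain.txt gpg --decrypt secret.gpg`, a failed decryption leaves the existing `plain.txt` untouched.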


