Re: Idea: flink() and anon_open()

Albert D. Cahalan (acahalan@cs.uml.edu)
Sun, 8 Mar 1998 12:54:15 -0500 (EST)


> I'd like to suggest two new system calls. They are logical extensions
> of the existing filesystem features, and they make it possible to do
> all sorts of interesting things. I particularly want them because I'm
> writing a program that will be used to install system-critical files
> (libc), and there are some race conditions that they would eliminate.
>
> First is flink(fd, path). This is exactly like link() except that it
> takes a file descriptor instead of an existing pathname. This allows
> you to reattach a file that's been deleted but still open, or name a
> file whose descriptor was passed to you.

I think flink() is good.

> Second is anon_open(dir, flags, mode). This call returns a file
> descriptor on an anonymous file, as if you had created a file and
> immediately unlinked it. (I'm not enamored of the function name.) The
> first argument is a hint as to where the file "belongs", so that it
> can allocate space in the right filesystem. For temporary files that
> would be /tmp or /var/tmp. The most obvious use is to avoid the races
> surrounding temporary file creation, which have been discussed at some
> length on the bugtraq list recently. In combination with flink(), it
> can be used to replace a file atomically, without having any time
> window where the new version isn't what you want it to be, or where a
> temporary name exists and might be grabbed by a malefactor.

This might be best done with open() flags. Add O_NOLINK or O_NONAME.
I think you still need a filename for the kernel internals,
but it could start out already unlinked.
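
An added example, not part of the original post: Linux later gained both halves of this idea, as the O_TMPFILE open() flag (Linux 3.11) and as linkat() on /proc/self/fd/N, and the C sketch below uses them to install a file that has no name until it is completely written. The function name publish_file is made up for this example, and the code assumes a filesystem that supports O_TMPFILE and a mounted /proc.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE            /* O_TMPFILE is a Linux extension */
#endif
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Create `name` inside `dir` with `data` as its contents. The file has no
 * name until it is fully written, so no predictable temporary path exists.
 * Returns 0 on success, -1 on error.
 * (publish_file is a name chosen for this example.) */
int publish_file(const char *dir, const char *name, const void *data, size_t len)
{
    char proc[64];
    const char *p = data;
    int rc = -1;

    int dfd = open(dir, O_RDONLY | O_DIRECTORY | O_CLOEXEC);
    if (dfd < 0)
        return -1;

    /* anon_open(): an inode in dir's filesystem with no directory entry. */
    int fd = openat(dfd, ".", O_TMPFILE | O_WRONLY | O_CLOEXEC, 0644);
    if (fd < 0)
        goto out_dir;

    while (len > 0) {                     /* handle short writes */
        ssize_t n = write(fd, p, len);
        if (n < 0)
            goto out;
        p += n;
        len -= (size_t)n;
    }
    if (fsync(fd) < 0)                    /* contents on disk before a name exists */
        goto out;

    /* flink(): give the descriptor a name. linkat() refuses to overwrite,
     * so an entry planted at `name` yields EEXIST instead of being followed. */
    snprintf(proc, sizeof proc, "/proc/self/fd/%d", fd);
    rc = linkat(AT_FDCWD, proc, dfd, name, AT_SYMLINK_FOLLOW);
out:
    close(fd);
out_dir:
    close(dfd);
    return rc;
}
```

Because linkat() never replaces an existing entry, this covers creating a new name only; it does not by itself replace a file that already exists.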
