[news.software.b] WARNING! Serious C news bug

davison@drivax.UUCP (Wayne Davison) (08/25/89)

WARNING -- there is a serious problem in the program "updatemin.c" as
released in the 22-Aug patch.  The program leaves the file "active.new"
linked to "active" which causes the next running of updatemin to completely
wipe out your active file (because it creates active.new before reading
any part of active, and since they are linked, active is kaput).

The fix options are simple; the code currently looks like this:

	(void) unlink("active.old");
	if (link("active", "active.old") < 0)
		fail("can't link `active' to `active.old'", "");
	if (unlink("active") < 0)
		fail("can't unlink `active'", "");
	if (link(newname, "active") < 0) {
		if (link("active.old", "active") < 0)
			fail("disaster -- cannot recover `active'!!", "");
		else
			fail("can't link in new `active' -- old one used", "");
	}
	/* newname ("active.new") is never unlinked here, so it remains
	 * a second name for the inode that is now "active" */

One option is to add an unlink(newname) after all this code.  The other
option was in the code I sent them (which bears a very slight resemblance
to the released code) which did a rename(newname,"active") rather than the
unlink("active"), link(newname, "active").  I prefer this method, because
the rename function states that it will delete the destination if necessary,
and that an instance of the destination name will be guaranteed to exist,
even if the system crashes in the middle of the operation.  This saves the
extra recovery steps above and never, in fact, links active to active.new.
The only thing I'm not sure of is whether rename works this way over the
wide range of OSes out there (I'm running 4.3BSD).  Anyone know for sure?
-- 
Wayne Davison          \  /| / /| \/ /| /(_)         davison@drivax.UUCP
                      (_)/ |/ /\| / / |/  \          ...!amdahl!drivax!davison
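The following C program is an added example, not code from the updatemin.c patch or from either poster: it reproduces the wipe-out described above (a second run creating active.new before reading active, while both names share an inode) and contrasts the released link/unlink sequence with the rename()-based replacement proposed here. The function names (simulate_update, put, fsize), the sample active-file contents and the use of a scratch directory under /tmp are all constructed for the example; it assumes a POSIX rename(2).

```c
#define _XOPEN_SOURCE 700
#include <fcntl.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Constructed sample contents, loosely in B news active-file format. */
static const char OLD_ACTIVE[] = "comp.sources.unix 00010 00001 y\n";
static const char NEW_ACTIVE[] = "comp.sources.unix 00012 00001 y\n"
                                 "news.software.b 00005 00001 y\n";

/* Create (or truncate) path and write text into it; 0 on success. */
static int put(const char *path, const char *text) {
    int fd = open(path, O_WRONLY | O_CREAT | O_TRUNC, 0644);
    if (fd < 0) return -1;
    int ok = write(fd, text, strlen(text)) == (ssize_t)strlen(text);
    return (close(fd) == 0 && ok) ? 0 : -1;
}

/* Size of path in bytes, or -1 if it cannot be stat'ed. */
static long fsize(const char *path) {
    struct stat st;
    return stat(path, &st) == 0 ? (long)st.st_size : -1;
}

/* Install active.new as active, then begin a "second run" that creates
 * active.new (O_TRUNC) before reading active, as updatemin did. Returns the
 * bytes left in active: strlen(NEW_ACTIVE) if it survived, 0 if wiped, -1 on error. */
long simulate_update(int use_rename) {
    char dir[] = "/tmp/updatemin_demo.XXXXXX";   /* private scratch directory */
    if (mkdtemp(dir) == NULL || chdir(dir) != 0) return -1;
    if (put("active", OLD_ACTIVE) || put("active.new", NEW_ACTIVE)) return -1;
    if (use_rename) {
        /* rename(2) replaces active atomically; the name active.new is gone. */
        if (rename("active.new", "active") != 0) return -1;
    } else {
        /* Released updatemin.c sequence: active.new stays a second name for
         * the inode that is now active, because unlink(newname) is missing. */
        (void) unlink("active.old");
        if (link("active", "active.old") < 0 || unlink("active") < 0) return -1;
        if (link("active.new", "active") < 0) return -1;
    }
    /* Second run: O_TRUNC on active.new truncates whichever inode that name
     * refers to; after the link sequence, that inode is active itself. */
    int fd = open("active.new", O_WRONLY | O_CREAT | O_TRUNC, 0644);
    if (fd < 0 || close(fd) != 0) return -1;
    long left = fsize("active");
    unlink("active"); unlink("active.new"); unlink("active.old");
    if (chdir("/") == 0) rmdir(dir);   /* remove the constructed files */
    return left;
}
```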

henry@utzoo.uucp (Henry Spencer) (08/26/89)

In article <24F5005C.B1B@drivax.UUCP> davison@drivax.UUCP (Wayne Davison) writes:
>WARNING -- there is a serious problem in the program "updatemin.c" as
>released in the 22-Aug patch...

See the 24-Aug patch for a fix.  This is humiliating; I should have
spotted that one before sending the thing out...

>The only thing I'm not sure of is whether rename works this way over the
>wide range of OSes out there (I'm running 4.3BSD).  Anyone know for sure?

Unfortunately, rename() is a BSDism that doesn't exist on most other Unixes.
Pity.  The file-manipulation code in expire sure could use it.
-- 
V7 /bin/mail source: 554 lines.|     Henry Spencer at U of Toronto Zoology
1989 X.400 specs: 2200+ pages. | uunet!attcan!utzoo!henry henry@zoo.toronto.edu