[ovs-dev] [PATCH v2 2/2] netdev-dpdk: Support user-defined socket attribs
Aaron Conole
aconole at redhat.com
Wed Jun 15 21:35:49 UTC 2016
Ben Pfaff <blp at ovn.org> writes:
> On Mon, Jun 13, 2016 at 05:36:34PM -0400, Aaron Conole wrote:
>> > If these limitations are unacceptable, I can see how we can use
>> > chmod. After all, as you point out, it's probably better to do it
>> > in OVS than in some script.
>>
>> I think fchmod and fchown may actually be the correct calls to have, and
>> will refactor these chown/chmod utils functions as such, which (I
>> believe) avoids the race as you describe.
I've done quite a bit of illuminating reading on the subject. The best
I've seen is a USENIX paper from '08 [1] which describes a specific type of
TOCTTOU mitigation that is still not 100% effective. This is a rather
complicated subject. Whoops!
> There are some pitfalls with fchmod() on Unix domain sockets, especially
> on non-Linux systems. Please refer to bind_unix_socket() in
> ...
> I do not know whether the same pitfalls apply to fchown().
After much testing, it appears that yes, the same pitfalls apply. However,
the downgrade with DPDK may not work correctly - I'm currently devising
some test cases to sort this out.
[1]: https://www.usenix.org/legacy/event/fast08/tech/full_papers/tsafrir/tsafrir_html/index.html
Thanks both of you for your keen insights!
-Aaron