[ovs-dev] [PATCH v2 2/2] netdev-dpdk: Support user-defined socket attribs

Aaron Conole aconole at redhat.com
Wed Jun 15 21:35:49 UTC 2016


Ben Pfaff <blp at ovn.org> writes:

> On Mon, Jun 13, 2016 at 05:36:34PM -0400, Aaron Conole wrote:
>> > If these limitations are unacceptable, I can see how we can use
>> > chmod.  After all, as you point out, it's probably better to do it
>> > in OVS than in some script.
>> 
>> I think fchmod and fchown may actually be the correct calls to have, and
>> will refactor these chown/chmod utils functions as such, which (I
>> believe) avoids the race as you describe.

I've done quite a bit of illuminating reading on the subject.  The best
I've seen is a usenix paper from 08[1] which describes a specific type of
TOCTTOU mitigation that is still not 100% effective.  This is a rather
complicated subject.  Whoops!

> There are some pitfalls with fchmod() on Unix domain sockets, especially
> on non-Linux systems.  Please refer to bind_unix_socket() in
> ...
> I do not know whether the same pitfalls apply to fchown().

After much testing, it appears yes the same pitfalls apply.  However,
the downgrade with dpdk may not work correctly - I'm currently devising
some test cases to sort this out.

[1]:
https://www.usenix.org/legacy/event/fast08/tech/full_papers/tsafrir/tsafrir_html/index.html


Thanks both of you for your keen insights!

-Aaron



More information about the dev mailing list