Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Ensure that temporary file is used only by one process #309

Merged

Conversation

abicky
Copy link
Contributor

@abicky abicky commented Jun 28, 2020

mkstemp(3) ensures that a unique file is created, but in the previous implementation, there's a possibility that a process
uses the temporary file created by another process if mkstemp(3) fails to create a file due to EEXIST. That has the same risk as #174.

This PR will also resolve #177 if the cause is that multiple processes try to create a file with the same name at the same time.

@abicky abicky requested a review from burke as a code owner June 28, 2020 16:55
@ghost ghost added the cla-needed label Jun 28, 2020
mkstemp(3) ensures that a unique file is created, but in the
previous implementation, there's a possibility that a process
uses the temporary file created by another process if mkstemp(3)
fails to create a file due to EEXIST. That has the same risk as
Shopify#174.

This commit will also resolve
Shopify#177 if the cause is
that multiple processes try to create a file with the same name
at the same time.
@abicky abicky force-pushed the fix-vulnerability-of-atomic_write_cache_file branch from 995cfe1 to cfd28c3 Compare June 28, 2020 17:12
@ghost ghost removed the cla-needed label Jun 28, 2020
Copy link
Member

@burke burke left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ohhhhh, this makes sense! Thanks, this always puzzled me.

@burke burke merged commit 993f454 into Shopify:master Jul 14, 2020
@matti
Copy link

matti commented Jul 16, 2020

How about also releasing the gem, the latest release is 5 months old?

@abicky abicky deleted the fix-vulnerability-of-atomic_write_cache_file branch August 9, 2020 13:32
@XrXr XrXr temporarily deployed to rubygems October 24, 2020 22:20 Inactive
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

Errno::ENOENT - No such file or directory - bs_fetch:atomic_write_cache_file:rename
4 participants