From: K-mart Cashier on 6 Jun 2010 20:54 Someone told me, on another forum, that kill -9 could possibly erase a temporary file. Perhaps this is due to lack of experience, but for whatever reasons, I can' think of a situation where something like this could happen. Ideas? Or at the very least, some kind of hints that could put me in the right direction.
From: David Schwartz on 6 Jun 2010 22:01 On Jun 6, 5:54 pm, K-mart Cashier <cdal...(a)gmail.com> wrote: > Someone told me, on another forum, that kill -9 could possibly erase a > temporary file. Perhaps this is due to lack of experience, but for > whatever reasons, I can' think of a situation where something like > this could happen. Ideas? Or at the very least, some kind of hints > that could put me in the right direction. 1) Program opens a file. 2) Program unlinks that file (by name) from the only directory it is in (perhaps to prevent anyone else from opening that file). 3) Program access the file through the descriptor opened in step 1. 4) Program restores the link to that file from the containing directory. Now imagine you 'kill -9' the program during step 3. Since the only reference to that file (the descriptor that program has) will be lost, the file will be deleted at that point. DS
From: Gordon Burditt on 7 Jun 2010 02:39 >> Someone told me, on another forum, that kill -9 could possibly erase a >> temporary file. Perhaps this is due to lack of experience, but for >> whatever reasons, I can' think of a situation where something like >> this could happen. Ideas? Or at the very least, some kind of hints >> that could put me in the right direction. > >1) Program opens a file. open() or fopen() >2) Program unlinks that file (by name) from the only directory it is >in (perhaps to prevent anyone else from opening that file). unlink() or remove() >3) Program access the file through the descriptor opened in step 1. read(), write() or various other functions. (1) through (3) might be provided by tmpfile(). >4) Program restores the link to that file from the containing >directory. What POSIX call will do that? Does anything but Linux have flink(), and what are the security issues? >Now imagine you 'kill -9' the program during step 3. Since the only >reference to that file (the descriptor that program has) will be lost, >the file will be deleted at that point. It seems to me that any program that does this is just begging for the file to be lost (any uncaught signal, such as a segfault or assert failure, along with exit() will end up losing it). That's what a *temporary* file is, isn't it? If the file is valuable, omit steps (2) thru (4), and put it somewhere safe in the first place.
From: David Schwartz on 7 Jun 2010 03:46 On Jun 6, 11:39 pm, gor...(a)hammy.burditt.org (Gordon Burditt) wrote: > >4) Program restores the link to that file from the containing > >directory. > What POSIX call will do that? Does anything but Linux have flink(), > and what are the security issues? I don't believe there's any POSIX call to do it, but there are quite a few ways (for example, on some operating systems you can use /proc or equivalent). In any event, this was just an example. > >Now imagine you 'kill -9' the program during step 3. Since the only > >reference to that file (the descriptor that program has) will be lost, > >the file will be deleted at that point. > It seems to me that any program that does this is just begging for > the file to be lost (any uncaught signal, such as a segfault or > assert failure, along with exit() will end up losing it). That's > what a *temporary* file is, isn't it? If the file is valuable, > omit steps (2) thru (4), and put it somewhere safe in the first > place. I agree. But the OP's question was specifically about losing temporary files. DS
From: Maxwell Lol on 7 Jun 2010 06:51
K-mart Cashier <cdalten(a)gmail.com> writes: > Someone told me, on another forum, that kill -9 could possibly erase a > temporary file. Perhaps this is due to lack of experience, but for > whatever reasons, I can' think of a situation where something like > this could happen. Ideas? Or at the very least, some kind of hints > that could put me in the right direction. Remember that kill -9 cannot be trapped and handled by the application. It tells trhe application to stop NOW! It does not give the application a change to clean up any temporary files, finish what it is doing, or back up if termination would leave something in an incomplete state. The normal kill allows the applicaiton to capture the signal, and do whatever it was programmed to do when stutting down. So the question is - when is kill -9 used? I'd only use it if (1) I think the program is malicious, or doing damage the more it runs, or (2) kill -15 does not work. |