Skip Menu |
 

This queue is for tickets about the Modwheel CPAN distribution.

Report information
The Basics
Id: 31384
Status: new
Priority: 0/
Queue: Modwheel

People
Owner: Nobody in particular
Requestors: kenny [...] kmdconsulting.ca
Cc:
AdminCc:

Bug Information
Severity: (no value)
Broken in: (no value)
Fixed in: (no value)



Subject: Repository.pm safeopen()
Date: Tue, 11 Dec 2007 10:04:59 -0500
To: bug-Modwheel [...] rt.cpan.org
From: Kenny MacDermid <kenny [...] kmdconsulting.ca>
Download (untitled) / with headers
text/plain 689b
Hello, I was just taking a look through safeopen() and was wondering about some possible bugs. The race condition checking seems to only be run `if (-f $filename && $hdev && $hino)'. Unless I'm missing something it appears $hdev and $hino haven't yet been used. Also the check of `-f $filename' doesn't seem like a good idea here. It would still likely allow the following race condition: <<< file is correct Show quoted text
>>> stat file
<<< change with link Show quoted text
>>> open file >>> check if it's a '-f', it's not. Ignore race condition.
If you want to make sure it was a safe open of a file then set something on the first '-f' test and test for race conditions if that's true. Hope this helps, Kenny


This service is sponsored and maintained by Best Practical Solutions and runs on Perl.org infrastructure.

Please report any issues with rt.cpan.org to rt-cpan-admin@bestpractical.com.