Subject: Re: CRITICAL ** Holes in default cron jobs ** CRITICAL
To: Matt Thomas <>
From: Warner Losh <>
List: current-users
Date: 12/31/1996 10:46:27
In message <> Matt Thomas writes:
: Acutally, a 
: int unlink2(const char *name, const struct stat *statbuf);
: would solve the problem.  In essence, you stat/fstat the file first (which
: you are going to do anyway (to make sure it's on the device, old enough,
: etc.)) and then you pass that stat buf to unlink2.  The kernel can then
: verify that <name> is the same object as represented by the information
: in *<statbuf> and then proceed with the deletion.  If the information
: (dev,inode,generation) doesn't match, unlink2 fails.  The kernel can easily
: make this an atomic operation.

You still have the race here.  Between the readdir() and the stat(),
the file can change out from under you, and then you go ahead and
delete the wrong thing because the stat info matches :-(.