On Wed, 15 Oct 2014, Christos Zoulas wrote:
Modified Files: src/bin/sh: redir.c Log Message: PR/48201: Miwa Susumu: Fix set -C (no clobber) for POSIX; from FreeBSD Can't use O_EXCL because of device nodes; also truncate.
There are some TOCTOU races in this code, where something about the file could change in between the stat() and the open().
Some ideas:1. Keep the new code, with its races, but also verify that st_dev and st_ino values remain unchanged between the stat() before opening the file, and fstat() after opening the file.
2. Try open() with O_EXCL first, and fall back to racy code with stat() only if the first open(O_EXCL) fails. Also use fstat() to check that st_dev/st_ino do not change.
3. Invent one or more open(2) flags, such as O_SPECIAL for "must be a device or other special file, must not be a plain file or a directory". First try open(O_EXCL), and if that fails then try open(O_SPECIAL).
--apb (Alan Barrett)