[Lustre-devel] WBC HLD outline

Oleg Drokin Oleg.Drokin at Sun.COM
Wed Apr 8 20:04:47 PDT 2009


On Apr 7, 2009, at 2:30 AM, Alex Zhuravlev wrote:
> AD> While this example has been given many times as a security issue  
> that
> AD> forces many strange actions on the part of Lustre, the example is
> AD> fundamentally broken because POSIX allows "foo" to be opened  
> before the
> AD> chmod, and kept open until after the write and then read the  
> "secret-file"
> AD> content.  The "foo" file needs to be created securely in the  
> first place
> AD> to be safe.
> yup, and there is no way in posix to even check whether file is  
> opened.

I do not know if file leases are POSIX or not (and cannot check right  
but they do in fact allow you not only to ensure the file is not  
opened in certain
mode, but would also allow you to get notified when somebody attempts  
to open
a file on which you have obtained such a lease.


More information about the lustre-devel mailing list