[Lustre-devel] WBC HLD outline
Oleg Drokin
Oleg.Drokin at Sun.COM
Wed Apr 8 20:04:47 PDT 2009
Hello!
On Apr 7, 2009, at 2:30 AM, Alex Zhuravlev wrote:
> AD> While this example has been given many times as a security issue
> that
> AD> forces many strange actions on the part of Lustre, the example is
> AD> fundamentally broken because POSIX allows "foo" to be opened
> before the
> AD> chmod, and kept open until after the write and then read the
> "secret-file"
> AD> content. The "foo" file needs to be created securely in the
> first place
> AD> to be safe.
> yup, and there is no way in posix to even check whether file is
> opened.
I do not know if file leases are POSIX or not (and cannot check right
now),
but they do in fact allow you not only to ensure the file is not
opened in certain
mode, but would also allow you to get notified when somebody attempts
to open
a file on which you have obtained such a lease.
Bye,
Oleg
More information about the lustre-devel
mailing list