temporary file is created and then a rename() call move it to official file.
This operation didn't have any check to make sure data was written to disk
and if a power cycle happens system could end up with a 0 length passwd
or group database.
There is a pfSense bug with more infor about it:
https://redmine.pfsense.org/issues/4523
The following changes were made to protect passwd and group operations:
* lib/libutil/gr_util.c:
- Replace mkstemp() by mkostemp() with O_SYNC flag to create temp file
- After rename(), fsync() call on directory for faster result
* lib/libutil/pw_util.c
- Replace mkstemp() by mkostemp() with O_SYNC flag to create temp file
* usr.sbin/pwd_mkdb/pwd_mkdb.c
- Added O_SYNC flag on dbopen() calls
- After rename(), fsync() call on directory for faster result
* lib/libutil/pw_util.3
- pw_lock() returns a file descriptor to master password file on success
Differential Revision: https://reviews.freebsd.org/D2978
Approved by: bapt
Sponsored by: Netgate
errno = ENAMETOOLONG;
return (-1);
}
- if ((tfd = mkstemp(tempname)) == -1)
+ if ((tfd = mkostemp(tempname, O_SYNC)) == -1)
return (-1);
if (mfd != -1) {
while ((nr = read(mfd, buf, sizeof(buf))) > 0)
int
gr_mkdb(void)
{
+ int fd;
+
if (chmod(tempname, 0644) != 0)
return (-1);
- return (rename(tempname, group_file));
+ if (rename(tempname, group_file) != 0)
+ return (-1);
+
+ /*
+ * Make sure new group file is safe on disk. To improve performance we
+ * will call fsync() to the directory where file lies
+ */
+ if ((fd = open(group_dir, O_RDONLY|O_DIRECTORY)) == -1)
+ return (-1);
+
+ if (fsync(fd) != 0) {
+ close(fd);
+ return (-1);
+ }
+
+ close(fd);
+ return(0);
}
/*
errno = ENAMETOOLONG;
return (-1);
}
- if ((tfd = mkstemp(tempname)) == -1)
+ if ((tfd = mkostemp(tempname, O_SYNC)) == -1)
return (-1);
if (mfd != -1) {
while ((nr = read(mfd, buf, sizeof(buf))) > 0)
git.ckatri.com / pw-darwin.git / commitdiff