[bug#41797] [PATCH] replace with-temporary-store-file

[Caleb Ristvedt]

Apologies for the delay on this.

Ludovic Courtès <ludo@gnu.org> writes:

> Hi,
>
> Caleb Ristvedt <caleb.ristvedt@cune.org> skribis:
>
>> with-temporary-store-file has a fundamental flaw: it assumes that if a
>> temporary store file exists, is then added as a temporary root, and still
>> exists, then it uniquely belongs to the current process.  This is not always
>> the case, because the only criteria used for choosing temporary file names is
>> that they not be currently used and fit a certain template.  This means it's
>> entirely possible for another process to choose the same temporary file name
>> if it doesn't exist at the time it chooses.
>
> Then what about simply adding the PID to the file name template?

AFAIK that would work currently, though for the daemon we'd have to also
include a fiber identifier. What concerns me is that I can't find any
restrictions about the characters that mkstemp is allowed to use, so
we'd have to enforce a consistent tempfile naming scheme. Admittedly, I
spent 10 minutes trying to think of realistic ways in which collisions
could still occur and couldn't come up with anything - the fact that the
randomized portion is always the same length and at the end makes it
quite difficult.

It's worth noting that adding the PID (and fiber ID) to the template
will only make it thread-safe, not reentrant. So
with-temporary-store-file uses couldn't be nested - indeed, no temporary
store files that use the same template could be safely created within
the extent of with-temporary-store-file. We could add a parameter to
track all the "reserved" filenames for the current dynamic state, but it
seems like a lot of hassle, and there's still the risk that other
temp-file-creating code could simply ignore it.

I'd still prefer restore-to-temp-store-file for the stronger guarantees
it gives.

- reepca

signature.asc
Description: PGP signature