[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Condor-devel] Changes to opening of files
- Date: Tue, 5 Jul 2011 16:29:36 -0500
- From: Ziliang Guo <ziliang@xxxxxxxxxxx>
- Subject: [Condor-devel] Changes to opening of files
A few months ago it was decided to extract the safefile library code from inside Condor and have it as a standalone module for maintainability reasons. Because of the way the code was integrated into Condor, it became extremely tedious to incorporate any changes from upstream. This extraction is mostly completed and will soon be merged into the mainline branch but there are a few semantic changes that people developing Condor code should be made aware of.
1) Calls to safe_file_wrapper should use safe_file_wrapper_follow instead. This is because in the original safefile code, safe_file_wrapper will not follow symbolic links to their destinations. One has to explicitly call safe_file_wrapper_follow to achieve this behavior. The same holds true for safe_fopen_wrapper. All callsites in Condor proper and the contrib modules have already been changed to do this. Code in the deprecated folder have been left as is.
2) Creation of a file through a symbolic link is no longer permitted when using safefile functions. The original safefile library never permitted this and Condor had explicitly weakened the security to allow this exception. After some internal discussion, the rationale for this change was deemed to no longer be valid. Note that using symbolic link for logs, which is the most likely situation that could bite us with these changes, was never a good idea in the first place with Condor.
Z
--
Condor Project Windows Developer
