[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [suse-security] SuSE 9.0/Security updates



> > Well, RPM is not a magic ghost. It also deletes files and stored new
> > ones, as everybody else does.
> You didn't get my point. In previous versions, RPM behaved like I 
> described. It moved away the old file and deleted it. But with the new 
> version I can't see any files that have been deleted by the RPM system. 
> 
> I just tested with "screen" - I opened a screen session and updated with 
> the new screen rpm from the SuSE FTP servers. Although screen is still 
> running, there are no deleted processes shown (SuSE 9.0).
> A re-test with SuSE 8.1 showed, that a file called "screen-RPMDELETE" has 
> been deleted and is still in use, which is what I expected.

Well, rpm must have created a new file and must have moved the new one in 
place after completing writing to it. It can't work otherwise: The binary 
is locked, resulting in a -EBUSY if you try to overwrite it:

$ cp /bin/cat .
$ ./cat > /dev/null &
[1] 4517
[1]  + 4517 suspended (tty input)  ./cat > /dev/null
$ cp /dev/null cat
cp: cannot create regular file `cat': Text file busy
$ 

So the fact that you don't see these files is either a bug, or you weren't 
root while you were trying. I am currently voting for the first, probably 
filing this as a kernel bug.

Thanks,
Roman.
-- 
 -                                                                   -
| Roman Drahtmüller      <draht@xxxxxxx> //      Nail here            |
  SUSE Linux AG - Security       Phone: //       for a new            
| Nürnberg, Germany     +49-911-740530 //        monitor!     --> [x] |
 -                                                                   -

--
Check the headers for your unsubscription address
For additional commands, e-mail: suse-security-help@xxxxxxxx
Security-related bug reports go to security@xxxxxxx, not here