ASP: Fix race condition when writing to packages file
- there is a race condition between multiple calls of add_additional_packages and/or remove_additional_packages: if the config file is written between when the packages are read and when the packages are written, this change will be overwritten by the subsequent write. You could fix this by acquiring a file lock before reading the file, for example with fcntl.flock(f, fcntl.LOCK_EX), and only releasing the lock once the file was written (example: https://gitlab.com/segfault3/onionkit/blob/master/onionkit/util.py#L21).
This way you could also get rid of the python3-atomicwrites package
As far as I understand, such lock are released on
close, so I don't see how it would actually lock the config file (see https://linux.die.net/man/2/flock).
The way the code works now, the file is opened for reading, then closed, then opened again for writing, closed, and chmod.
We don't even have any guarantee we actually write the the same path we read, because
get_packages_list_pathis called again each time.
Am I wrong?
Do you think we should ensure the file is only opened once?
Yes, that's what I meant and what the
flockcan be used for.
- Assignee changed from segfault to alant
- QA Check set to Ready for QA
- Feature Branch set to bugfix/16034-asp-fix-race-condition
I implemented something, please review.
I also noticed that the exceptions raised in
handle_remove_packages were not logged, so I fixed that too.