Re: [squid-users] User Authentication Begins Failing

From: Adrian Chadd <adrian@dont-contact.us>
Date: Fri, 7 Sep 2007 09:50:34 +0800

On Thu, Sep 06, 2007, Henrik Nordstrom wrote:

> With a 2 seconds or so margin on the stat time you should not need to
> care. Also solves the double password change within the same second
> problem... but yes checking the size as well does not hurt.
>
> Patch adding a 2 seconds margin to the stat time is attached.

Yup, sounds good. But!

> if (stat(argv[1], &sb) == 0) {
> if (sb.st_mtime != change_time) {
> - read_passwd_file(argv[1]);
> - change_time = sb.st_mtime;
> + int diff = time(NULL) - sb.st_mtime;
> + if (diff > 2 || diff < 0) {
> + read_passwd_file(argv[1]);
> + change_time = sb.st_mtime;
> + }
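
Review bot: the `if (diff > 2 || diff < 0)` branch needs a comment stating its intent, because the effect is not obvious from the code. When the file's mtime is 0 to 2 seconds old, both `read_passwd_file(argv[1])` and `change_time = sb.st_mtime` are skipped, so `sb.st_mtime != change_time` stays true and the read is retried on a later pass once the mtime is more than 2 seconds old; until then the previously loaded data stays in use. Suggest naming the 2 as a constant, and computing the difference with `difftime()` or a `time_t` variable rather than assigning a `time_t` subtraction to `int`.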

Could you explain to me the intent of this? The 2 second time check only
kicks in if the file's already been read because the mtime has changed.
That's just possibly reading the file twice in quick succession if it's been
< 2 seconds since it last changed? I can't see how that fixes the race
condition.

I still think checking the filesize and having a whinge is the better option.
I'd also suggest checking the inode number but that definitely doesn't pick
up people truncate+writing contents and may not work in all situations/FSes.

Adrian
Received on Thu Sep 06 2007 - 19:47:06 MDT
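
The two approaches discussed in this thread (a 2 second margin on the stat time, plus checking the file size and inode number) combined into one reload decision. This is an added example, not code from the thread or from Squid's helper; `file_sig`, `stat_sig`, `reload_decision` and `SETTLE_SECS` are hypothetical names, and the values in `main` are constructed.

```c
/* Added illustration; all names are hypothetical, not Squid's helper code. */
#include <stdio.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <time.h>

#define SETTLE_SECS 2  /* margin from the thread: wait until mtime is this old */

struct file_sig { time_t mtime; off_t size; ino_t ino; };

enum reload_action { RELOAD_NO, RELOAD_DEFER, RELOAD_YES };

/* Fill sig from stat(2); returns 0 on success, -1 on failure. */
int stat_sig(const char *path, struct file_sig *sig)
{
    struct stat sb;
    if (stat(path, &sb) != 0)
        return -1;
    sig->mtime = sb.st_mtime;
    sig->size = sb.st_size;
    sig->ino = sb.st_ino;
    return 0;
}

/* Compare the signature recorded at the last successful read with the
 * current one. Any difference in mtime, size or inode counts as a change;
 * a change whose mtime is 0..SETTLE_SECS old is deferred, and because the
 * caller keeps the old signature, the next call sees the change again. */
enum reload_action reload_decision(const struct file_sig *last,
                                   const struct file_sig *cur, time_t now)
{
    double age;
    if (cur->mtime == last->mtime && cur->size == last->size &&
        cur->ino == last->ino)
        return RELOAD_NO;
    age = difftime(now, cur->mtime);
    if (age >= 0 && age <= SETTLE_SECS)
        return RELOAD_DEFER;   /* writer may still be mid-update */
    return RELOAD_YES;         /* settled, or mtime lies in the future */
}

int main(void)
{
    /* Constructed sample values: same mtime second, different size. */
    struct file_sig last = { 1000, 120, 42 }, cur = { 1000, 95, 42 };
    printf("at t=1001: %d\n", reload_decision(&last, &cur, 1001));
    printf("at t=1003: %d\n", reload_decision(&last, &cur, 1003));
    return 0;
}
```

The caller should store the new signature only after a successful read that returned `RELOAD_YES`, so a deferred change is picked up on a later check.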
