[PATCH] gensignkey: ensure host keys are flushed to disk

DELOGET, Emmanuel emmanuel.deloget at sfr.com
Mon Nov 10 16:54:30 AWST 2014


Hello, 

On Saturday 08 November 2014 at 22:26 +0800, Matt Johnston wrote:
> On Tue, Oct 28, 2014 at 02:11:26PM +0100, Peter Korsgaard wrote:
> > 
> > Otherwise we can end up with an empty host key, breaking logins.
> > 
> > E.G.:
> > 
> > Run dropbear -R and pull power before the host key is written to disk.
> > After reboot we have:
> 
> Hi Peter,
> 
> Thanks for the patch, I've applied it with small changes.
> https://secure.ucc.asn.au/hg/dropbear/rev/fd2e8bbb0333
> 
> Emmanuel - thanks for the review. Dropbear already has
> exit-on-failure m_strdup(), I'm using that. I'll avoid
> O_DIRECTORY since it's fairly harmless to leave out and is a
> portability hassle. I've made it open with O_RDWR though can't
> actually see in the opengroup.org posix docs where that is
> required for fsync?

Part of the problem has its root here: the POSIX standard does not say a
word on this specific issue, so different UNIXes have different
implementations. I found at least two of them:

http://nixdoc.net/man-pages/irix/man2/fsync.2.html
http://nixdoc.net/man-pages/Tru64/man2/fsync.2.html

Granted, they are not the primary target for dropbear :)

The linux man page warns about that issue in the Notes section:

http://linux.die.net/man/2/fsync

Additionally, a good number of other UNIXes (and other POSIX layers such
as the one offered by eCos) don't say anything about that, so it's hard
to know how the implementation behaves without testing it.

I might be a bit over-prudent here and maybe no one will ever notice. But
since it can lead to a nasty bug I think it's better to err on the side
of safety :) 

> Cheers,
> Matt

Best regards, 

-- Emmanuel Deloget
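The write, fsync, rename sequence the thread is discussing, as an added example in C. This is not Dropbear's gensignkey.c and not the code at the linked revision; the function name write_file_durably, the "<path>.tmp" temporary name, the file_has_content helper and the 0600 mode are assumptions made for the example. It follows the two decisions visible in the thread: the key file descriptor is opened O_RDWR rather than O_WRONLY because POSIX does not say which access modes fsync() accepts, and the containing directory is synced through a plain O_RDONLY descriptor without O_DIRECTORY.

```c
/* Added example, not Dropbear's gensignkey.c: write key material so a power
 * cut leaves the old file or the complete new one, never an empty one.
 * Assumed (not from the thread): temp name "<path>.tmp", key pre-serialised. */
#include <errno.h>
#include <fcntl.h>
#include <limits.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

#ifndef PATH_MAX
#define PATH_MAX 4096
#endif

/* write() the whole buffer, retrying on EINTR and short writes. */
static int write_all(int fd, const unsigned char *p, size_t len)
{
    while (len > 0) {
        ssize_t w = write(fd, p, len);
        if (w < 0 && errno == EINTR)
            continue;
        if (w < 0)
            return -1;
        p += w;
        len -= (size_t)w;
    }
    return 0;
}

/* fsync() the directory holding path so the rename is durable as well.
 * O_RDONLY without O_DIRECTORY, as the thread settled on; best effort,
 * since not every implementation accepts a directory descriptor here. */
static void fsync_parent_dir(const char *path)
{
    char dir[PATH_MAX];
    const char *slash = strrchr(path, '/');
    size_t n = slash ? (size_t)(slash - path) : 0;
    if (slash == NULL)
        strcpy(dir, ".");
    else if (n == 0)
        strcpy(dir, "/");
    else if (n < sizeof dir) {
        memcpy(dir, path, n);
        dir[n] = '\0';
    } else
        return;
    int dfd = open(dir, O_RDONLY);
    if (dfd >= 0) {
        (void)fsync(dfd);
        close(dfd);
    }
}

/* 0 on success; -1 on failure with errno set and the temp file removed. */
int write_file_durably(const char *path, const void *buf, size_t len)
{
    char tmp[PATH_MAX];
    int fd, saved, n;
    n = snprintf(tmp, sizeof tmp, "%s.tmp", path);
    if (n < 0 || (size_t)n >= sizeof tmp) {
        errno = ENAMETOOLONG;
        return -1;
    }
    /* O_RDWR rather than O_WRONLY: POSIX does not say which access modes
     * fsync() accepts and implementations differ, so read/write is the
     * conservative choice. O_EXCL refuses an existing temp file; 0600
     * because this is a private key. */
    fd = open(tmp, O_RDWR | O_CREAT | O_EXCL, 0600);
    if (fd < 0)
        return -1;
    if (write_all(fd, buf, len) < 0 || fsync(fd) < 0) {
        close(fd);
        goto fail;
    }
    /* Data is on disk only once fsync() succeeded; now publish it atomically. */
    if (close(fd) < 0 || rename(tmp, path) < 0)
        goto fail;
    fsync_parent_dir(path);
    return 0;
fail:
    saved = errno;
    unlink(tmp);
    errno = saved;
    return -1;
}

/* Read path back and compare with buf (small files); 1 on match, else 0. */
int file_has_content(const char *path, const void *buf, size_t len)
{
    unsigned char got[4096];
    int fd = open(path, O_RDONLY);
    ssize_t r;
    if (fd < 0)
        return 0;
    r = read(fd, got, sizeof got);
    close(fd);
    return r >= 0 && (size_t)r == len && memcmp(got, buf, len) == 0;
}
```

Calling write_file_durably(path, key, keylen) from the key generator replaces a plain fopen/fwrite/fclose. The ordering is what matters: the temp file's data reaches the disk before rename() makes it visible under the real name, so a crash at any point leaves either no host key file or a complete one, and the -R code path simply regenerates in the former case. The directory fsync is deliberately non-fatal, matching the thread's point that behaviour outside Linux is unknown without testing; file_has_content exists only to check the result and reads at most 4 KiB.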
