ASP: Fix race condition when writing to packages file (#16034) · Issues · tails / tails

ASP: Fix race condition when writing to packages file

Originally created by @segfault on #16034 (Redmine)

* there is a race condition between multiple calls of add_additional_packages and/or remove_additional_packages: if the config file is written between when the packages are read and when the packages are written, this change will be overwritten by the subsequent write. You could fix this by acquiring a file lock before reading the file, for example with fcntl.flock(f, fcntl.LOCK_EX), and only releasing the lock once the file was written (example: https://gitlab.com/segfault3/onionkit/blob/master/onionkit/util.py#L21).
This way you could also get rid of the python3-atomicwrites package

As far as I understand, such lock are released on close, so I don’t see how it would actually lock the config file (see https://linux.die.net/man/2/flock).
The way the code works now, the file is opened for reading, then closed, then opened again for writing, closed, and chmod.
We don’t even have any guarantee we actually write the the same path we read, because get_packages_list_path is called again each time.
Am I wrong?
Do you think we should ensure the file is only opened once?

Yes, that’s what I meant and what the flock can be used for.

Feature Branch: bugfix/16034-asp-fix-race-condition

Related issues

Related to #15838 (closed)
Is duplicate of #15982 (closed)

_Originally created by @segfault on [#16034 (Redmine)](https://public-redmine-archive.tails.boum.org/code/issues/16034)_

From tails/tails#15838:  
segfault wrote:  
> > > \* there is a race condition between multiple calls of
add\_additional\_packages and/or remove\_additional\_packages: if the
config file is written between when the packages are read and when the
packages are written, this change will be overwritten by the subsequent
write. You could fix this by acquiring a file lock before reading the
file, for example with fcntl.flock(f, fcntl.LOCK\_EX), and only
releasing the lock once the file was written (example:
<https://gitlab.com/segfault3/onionkit/blob/master/onionkit/util.py#L21)>.  
> > > This way you could also get rid of the python3-atomicwrites
package  
> >  
> > As far as I understand, such lock are released on `close`, so I
don’t see how it would actually lock the config file (see
<https://linux.die.net/man/2/flock)>.  
> > The way the code works now, the file is opened for reading, then
closed, then opened again for writing, closed, and chmod.  
> > We don’t even have any guarantee we actually write the the same
path we read, because `get_packages_list_path` is called again each
time.  
> > Am I wrong?  
> > Do you think we should ensure the file is only opened once?  
>  
> Yes, that’s what I meant and what the `flock` can be used for.

Feature Branch: bugfix/16034-asp-fix-race-condition

### Related issues

- **Related to** tails/tails#15838
  - **Is duplicate of** tails/tails#15982

Edited May 15, 2020 by segfault

Discussion
Designs

The one place for your designs

To enable design management, you'll need to meet the requirements. If you need help, reach out to our support team for assistance.