|
|
Log in / Subscribe / Register

The trouble with symbolic links

The trouble with symbolic links

Posted Jul 18, 2022 10:17 UTC (Mon) by ras (subscriber, #33059)
Parent article: The trouble with symbolic links

The problem with symlinks could be summed up in one word: races.

Parallelism is the hardest thing to get right in the programming world. POSIX offers no help whatsoever. It doesn't have transactions, and it doesn't have mandatory locks. Even the simplest of things like doing an atomic set of writes to a single file so hard we have the SQLite designer tell us to use it like fwrite(). Using an entire SQL library just to do reliable writes should be an absurd recommendation, but as things stand: he's right.

Because it's near impossible to get right, there are many bugs, some have security implications, and thus POSIX's total non-support of transactions has the cause of CVE after CVE for literally decades. It's not just symlinks. We seen streams of CVE's over the downright trivial operation of creating a temporary file, and surprise surprise hard links have their share of CVE's too. Renames, copies, moves, deletes are all the same. If you can't be 100% sure of what the file system looks like when you execute them (and POSIX ensures you can never be sure if there is more than one thread), then the end result is likely to be a gamble.

Or to put it another way, if POSIX did support transactions, most of the symlink CVE's he mentions, and all the need for all these xxxxat() operations would just vanish. Ergo, symlink's aren't the problem, and getting rid of them won't fix it.

to post comments

The trouble with symbolic links

Posted Jul 19, 2022 13:35 UTC (Tue) by mathstuf (subscriber, #69389) [Link] (3 responses)

Have there been systems with transactional filesystem APIs?

The trouble with symbolic links

Posted Jul 19, 2022 14:59 UTC (Tue) by ras (subscriber, #33059) [Link] (1 responses)

A quick google reveals most desktops are running one: https://en.wikipedia.org/wiki/Transactional_NTFS

It's not clear if that still true, but it blows me away anyway.

The trouble with symbolic links

Posted Jul 19, 2022 16:40 UTC (Tue) by mathstuf (subscriber, #69389) [Link]

Given that Microsoft has declared it deprecated and may have it disappear in the futureā€¦it seems like a failed experiment on at least the deployment level.

The trouble with symbolic links

Posted Jul 19, 2022 16:24 UTC (Tue) by kleptog (subscriber, #1183) [Link]

PostgreSQL has support for transactional large objects. To call it a filesystem is a bit of a stretch since objects only have numeric identifiers not names. However, they have permissions, and support open/close/seek/read/write and are all within a transaction. You could certainly build a complete transactional filesystem on top of it.

But this also shows the difficulty, given the amount of work database systems have to do to make transactions work while giving everyone a consistent view and making it perform. Then again, the problem space of filesystems is much simpler.

Even if we supported only transactional metadata changes (rename, move, create, unlink) would be a step up. Certainly being able the work on a fixed snapshot of the filesystem would be good enough for quite a lot of purposes (I think btrfs has this).


Copyright © 2026, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds