snegov/cura-te-ipsum
1
0
Fork 0
Code Issues 29 Releases Wiki Activity

Race condition in lock file creation could allow concurrent backups #3

New Issue
Open
opened 2025-11-15 03:44:07 +00:00 by snegov · 0 comments
snegov commented 2025-11-15 03:44:07 +00:00
Owner
Copy Link

Race condition in lock file creation could allow concurrent backups

Priority: High
Component: backup.py
Type: Bug

Description

There's a race condition in the set_backups_lock() function (backup.py:100-131) between checking if the lock file exists and creating it. Two processes could both check for the file, both find it doesn't exist, and both proceed to create backups simultaneously.

Location

curateipsum/backup.py:109-112

Current Code

if not os.path.exists(lock_file_path):
    with open(lock_file_path, "a") as f:
        f.write(str(os.getpid()))
    return True

Problem

Between line 109 and 110, another process could create the lock file, leading to both processes thinking they have the lock.

Proposed Solution

Use atomic file creation with exclusive flags:

try:
    fd = os.open(lock_file_path, os.O_CREAT | os.O_EXCL | os.O_WRONLY, 0o644)
    os.write(fd, str(os.getpid()).encode())
    os.close(fd)
    return True
except FileExistsError:
    # Lock already exists, read PID and check if process is running
    ...

Impact

High - Could cause data corruption or incomplete backups if two processes run simultaneously.

# Race condition in lock file creation could allow concurrent backups **Priority:** High **Component:** backup.py **Type:** Bug ## Description There's a race condition in the `set_backups_lock()` function (backup.py:100-131) between checking if the lock file exists and creating it. Two processes could both check for the file, both find it doesn't exist, and both proceed to create backups simultaneously. ## Location `curateipsum/backup.py:109-112` ## Current Code ```python if not os.path.exists(lock_file_path): with open(lock_file_path, "a") as f: f.write(str(os.getpid())) return True ``` ## Problem Between line 109 and 110, another process could create the lock file, leading to both processes thinking they have the lock. ## Proposed Solution Use atomic file creation with exclusive flags: ```python try: fd = os.open(lock_file_path, os.O_CREAT | os.O_EXCL | os.O_WRONLY, 0o644) os.write(fd, str(os.getpid()).encode()) os.close(fd) return True except FileExistsError: # Lock already exists, read PID and check if process is running ... ``` ## Impact **High** - Could cause data corruption or incomplete backups if two processes run simultaneously.
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
Labels
Clear labels
No items
No Label
Milestone
Clear milestone
No items
No Milestone
Assignees
Clear assignees
No Assignees
1 Participants
Notifications
Due Date
The due date is invalid or out of range. Please use the format 'yyyy-mm-dd'.

No due date set.

Dependencies

No dependencies set.

Reference: snegov/cura-te-ipsum#3
No description provided.
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?