[Fontconfig] Application startup performance

u-pnrz at aetey.se u-pnrz at aetey.se
Tue Jan 12 01:28:30 PST 2016

On Tue, Jan 12, 2016 at 12:14:26AM +0000, Nick Alcock wrote:
> > If a permission check will be applied, then please with access() not
> > mode bits.
> Yeah. I mean, using access() is racy, but to be honest with *font file
> directories* that is probably not really a problem.


> (The canonical
> approach for these things, which is to just try to open() it with the
> requested mode and see if it fails, doesn't really work too well for
> O_RDWR on directories.)

A "sure" check would be to try to create a file, which looks unnecessarily
intrusive for me. Moreover this can be _really_ expensive on some file
systems/scenarios. Even if we'd avoid stat()-ing all the files, testing
multiple writable directories could take a long time.

In any case, such a check should not be necessary - indeed fontconfig
ought to be fine with the old behaviour, checking whether the directory
contents has changed, not the files themselves (i.e. ignoring the cases
when you rewrite font files in-place, as long as this limitation is
mentioned somewhere).

> > As soon as there are ACLs on the file system, the mode bits are broken
> > and plainly "wrong".
> Also with setuid/setgid, LSMs, etc. It is generally a mistake to try to
> interpret mode bits programmatically at all.

Nevertheless even some widely deployed and critical programs do this.
Openssh for example, without any switch to turn off the "safety net
heuristics" when it becomes nonsence.


More information about the Fontconfig mailing list