proposal: os: extend Root with Rename #73041
Description
Proposal Details
While there are certainly other use cases, my primary motivation here is the fairly common pattern of
- Create a temporary file
- Write content to the temporary file
- Rename the temporary file to to final expected location.
This is done for ensuring that the file at the final destination location is never an incompletely written file, particularly in cases where the destination is being replaced1. Aside from all of the path traversal issues which originally motivated os.Root, using it for this solves an additional problem, at least in cases like linux where renameat can be used, where this procedure can misbehave if the directory gets renamed between the first and last step.
I will open a separate issue for the CreateTemp part of this, since they're fairly separate features and might have differing implementation difficulties.
See google/renameio#44 for additional discussion.
Footnotes
-
renaming the temp file over the existing file is usually atomic in Unix filesystems; Windows doesn't allow renaming one file over another but even so this technique at least drastically shortens the window for potential corruption. ↩