Florian Weimer:
> > I gather you are saying that the innards of Unix will force creation
> > of an unwanted directory entry on the Ada implementation of the required
> > null name support for <packagename>.CREATE .  The Ada implementation
> > could rely on exclusive access to the file (surely Unix has that, right?)
> You can create files in a way that fails if the file already exists,
> using the O_EXCL flag.  (Rumors have it that this won't work reliably
> over NFS, though, but I don't see why.)

With NFS over UDP under heavy load, operations can succeed and
return an error result anyway. When the server's reply is lost,
the client retransmits the request.  That is no problem with
idempotent operations such as read or write that can be repeated
an arbitrary number of times without changing the state of files.

However, with non-idempotent operations such as mkdir, create,
link, remove or rename, a retransmitted operation will fail (file
exists, file not found). To remedy these false errors, the server
maintains a cache of recent RPC replies to skip repeated operations;
this RPC reply cache is finite and non-persistent across reboot.

Application programmers can program around many but not all of
these false errors. In particular there is no workaround for false
failure of open(..O_CREAT|O_EXCL..).

With the deployment of NFS over TCP these errors are less likely 
to happen.

Secure Coding mailing list (SC-L) SC-L@securecoding.org
List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
List charter available at - http://www.securecoding.org/list/charter.php
SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com)
as a free, non-commercial service to the software security community.
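
The message above says that many of these false errors can be programmed around. As an added example (not part of the original post), this C sketch shows the lock-file idiom documented in the Linux open(2) manual page for `link`: the return value of `link()` is not trusted alone, and the link count of a private file decides the outcome. The function name `acquire_lock` and the demo paths are assumptions made for illustration; as the message notes, no equivalent check exists for a false failure of `open(..O_CREAT|O_EXCL..)`.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <unistd.h>

/* Take `lockpath` by hard-linking a private file to it.
 * `uniqpath` must be unique to this process (e.g. hostname + pid), on the
 * same filesystem as `lockpath`, and in a directory only the application
 * can write to. Returns 0 if we hold the lock, -1 otherwise (errno set). */
int acquire_lock(const char *lockpath, const char *uniqpath)
{
    struct stat st;
    int fd, rc, saved;

    fd = open(uniqpath, O_WRONLY | O_CREAT | O_TRUNC, 0600);
    if (fd < 0)
        return -1;
    close(fd);

    rc = link(uniqpath, lockpath);
    saved = errno;
    /* A retransmitted LINK whose first reply was lost can report EEXIST
     * although the link was made. Only we ever link uniqpath, so a link
     * count of 2 proves that lockpath is our link. */
    if (rc != 0 && stat(uniqpath, &st) == 0 && st.st_nlink == 2)
        rc = 0;

    unlink(uniqpath);            /* lockpath keeps the inode alive */
    if (rc != 0)
        errno = saved;
    return rc;
}

int main(void)
{
    char uniq[64];
    /* Constructed demo paths in the current directory. */
    snprintf(uniq, sizeof uniq, "demo.lock.%ld", (long)getpid());
    if (acquire_lock("demo.lock", uniq) == 0) {
        puts("lock held");
        unlink("demo.lock");     /* release */
    } else {
        perror("acquire_lock");
    }
    return 0;
}
```

The lock is released by unlinking the lock path; a stale lock left by a crashed holder still needs separate handling.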
