Florian Weimer:
> > I gather you are saying that the innards of Unix will force creation
> > of an unwanted directory entry on the Ada implementation of the required
> > null name support for <packagename>.CREATE . The Ada implementation
> > could rely on exclusive access to the file (surely Unix has that, right?)
>
> You can create files in a way that fails if the file already exists,
> using the O_EXCL flag. (Rumors have it that this won't work reliably
> over NFS, though, but I don't see why.)

With NFS over UDP under heavy load, operations can succeed and return an error result anyway. When the server's reply is lost, the client retransmits the request. That is no problem with idempotent operations such as read or write that can be repeated an arbitrary number of times without changing the state of files. However, with non-idempotent operations such as mkdir, create, link, remove or rename, a retransmitted operation will fail (file exists, file not found).

To remedy these false errors, the server maintains a cache of recent RPC replies to skip repeated operations; this RPC reply cache is finite and non-persistent across reboot.

Application programmers can program around many but not all of these false errors. In particular there is no workaround for false failure of open(..O_CREAT|O_EXCL..).

With the deployment of NFS over TCP these errors are less likely to happen.

Wietse

_______________________________________________
Secure Coding mailing list (SC-L)
SC-L@securecoding.org
List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
List charter available at - http://www.securecoding.org/list/charter.php
SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com)
as a free, non-commercial service to the software security community.
_______________________________________________
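
One of the false errors that can be programmed around is a retransmitted link(). The sketch below is an added example, not code from the post: it takes a lock file by hard-linking a uniquely named file to it and trusts the link count rather than link()'s return value. The function name `acquire_lock_via_link` and the temp-file naming scheme are hypothetical.

```c
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper: take lockpath by hard-linking a uniquely named
 * file to it. Returns 0 if this process owns the lock, -1 otherwise. */
int acquire_lock_via_link(const char *lockpath)
{
    char tmp[4096];
    struct stat st;
    int fd, n, owned = -1;

    /* Unique name in the same directory. Assumption: the pid is unique
     * enough here; on a shared mount the host name belongs in it too. */
    n = snprintf(tmp, sizeof tmp, "%s.%ld.tmp", lockpath, (long)getpid());
    if (n < 0 || (size_t)n >= sizeof tmp)
        return -1;

    /* A false EEXIST on this call is the case the post says has no
     * workaround; it is reported as failure to take the lock. */
    fd = open(tmp, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd < 0)
        return -1;
    close(fd);

    /* link() is non-idempotent: a retransmitted request can report
     * EEXIST although the first attempt succeeded, so its return
     * value is deliberately ignored. */
    (void)link(tmp, lockpath);

    /* The link count of our own file decides: 2 means the name
     * lockpath now refers to our file, whatever link() reported. */
    if (stat(tmp, &st) == 0 && st.st_nlink == 2)
        owned = 0;

    unlink(tmp);   /* drop the temporary name; lockpath remains if owned */
    return owned;
}
```

The caller releases the lock with unlink(lockpath).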