Secure Coding mailing list archives
temporary directories
From: wietse at porcupine.org (Wietse Venema)
Date: Tue, 2 Jan 2007 10:02:24 -0500 (EST)
Florian Weimer:
> > I gather you are saying that the innards of Unix will force creation of an unwanted directory entry on the Ada implementation of the required null name support for <packagename>.CREATE . The Ada implementation could rely on exclusive access to the file (surely Unix has that, right?)
>
> You can create files in a way that fails if the file already exists, using the O_EXCL flag. (Rumors have it that this won't work reliably over NFS, though, but I don't see why.)
With NFS over UDP under heavy load, operations can succeed and return an error result anyway. When the server's reply is lost, the client retransmits the request. That is no problem with idempotent operations such as read or write that can be repeated an arbitrary number of times without changing the state of files. However, with non-idempotent operations such as mkdir, create, link, remove or rename, a retransmitted operation will fail (file exists, file not found). To remedy these false errors, the server maintains a cache of recent RPC replies to skip repeated operations; this RPC reply cache is finite and non-persistent across reboot. Application programmers can program around many but not all of these false errors. In particular there is no workaround for false failure of open(..O_CREAT|O_EXCL..). With the deployment of NFS over TCP these errors are less likely to happen.

Wietse
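One way to program around a false link() failure of the kind described in the message above, as an added example that is not part of the original post: create a privately named file, link() it to the contended name, ignore link()'s result, and decide from the link count instead. The names `claim_via_link`, `unique` and `target` are hypothetical; the example assumes both paths are on the same filesystem, in a directory writable only by the cooperating user.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <unistd.h>

/*
 * Hypothetical helper: claim `target` exclusively.
 * `unique` must be a name no other process uses (e.g. built from
 * hostname + pid + time). Returns 0 if we own `target`, -1 otherwise.
 */
int claim_via_link(const char *unique, const char *target)
{
    struct stat st;
    int fd, claimed;

    /* O_EXCL on the private name: a real collision means the caller's
     * naming scheme is broken; a false failure just costs a retry. */
    fd = open(unique, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd < 0)
        return -1;
    close(fd);

    /* link() is non-idempotent: a retransmitted request can report
     * EEXIST although the first attempt succeeded, so the return
     * value is deliberately not trusted. */
    (void) link(unique, target);

    /* Ground truth: if our private file now has two names, the link
     * was made and `target` is ours, whatever link() returned. */
    claimed = (stat(unique, &st) == 0 && st.st_nlink == 2);

    /* Drop the private name; `target` keeps the file alive if claimed. */
    unlink(unique);
    return claimed ? 0 : -1;
}

int main(int argc, char **argv)
{
    if (argc != 3) {
        fprintf(stderr, "usage: %s unique-name target\n", argv[0]);
        return 2;
    }
    return claim_via_link(argv[1], argv[2]) == 0 ? 0 : 1;
}
```

The initial open() on the private name can still fail falsely; the helper reports that as -1 so the caller can retry with a fresh unique name.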