On Mon, 27 Oct 2003, Branko Čibej wrote:
> Luke Blanshard wrote:
>
> > Branko Čibej wrote:
> >
> >> Luke Blanshard wrote:
> >>
> >>
> >>> It is of course a pity that Windows doesn't share Unix's approach to
> >>> atomicity in the filesystem.
> >>>
> >>
> >> The operation that's failing isn't atomic on Unix, either...
> >>
> > Really? The operation that's failing is a rename -- isn't it? That's
> > (at least usually) atomic on Unix -- right?
>
> No, the operation that's failing is "write temp+delete orig+rename temp
> to orig", which is not atomic on any system I know of. Rename itself is
> atomic on Windows, but it fails because another process opens (and
> implicitly locks) the file between the close after the write and the rename.
>
> Which suggests a simple solution, using the following (Windows-specific)
> algorithm:
>
> 1. open temp (no sharing)
> 2. write contents to temp
> 3. delete orig
> 4. rename temp to orig
> 5. close temp
>
> This would prevent virus scanners etc. from grabbing our file between
> the close and the rename. Unfortunately we can't do that with the
> functionality offered by APR. We'd have to introduce a new function with
> a Win32-specific implementation, yuck.

Or, you could "fix" APR in a strange way. :-)

I have always hated the APR security model, because I couldn't figure out
how to abstract permissions between Unix and Windows. I actually
originally stated that the APR security stuff was just supposed to be
temporary, but nobody could come up with a good solution. However, you
can fix this. Currently the Windows implementation of apr_open completely
ignores the perm flag. That is really very bogus. That perm flag (the
last time I checked) is just a direct map of Unix permissions (i.e. user
read, user write, user exec, group read, group write, etc).

If apr_open on Windows is taught to respect the group and world
permissions, this problem can be solved. Currently apr_open on Windows
always opens everything share_read and share_write. This should be
conditional based on group/world permissions (least permissive wins).
For example:

group perms   world perms   share_mode
7             0             0
7             7             SHARE_READ | SHARE_WRITE
5             4             SHARE_READ

and so on.
If you make this change, you can solve this bug with straight APR calls.
Ryan
Received on Mon Oct 27 18:56:26 2003
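
The "least permissive wins" mapping proposed in the message above, written out as an added example; it is not APR's code or anything posted in the thread. The helper name and the PERM_* constants are assumptions (the usual octal Unix layout), and the share-mode values are the Win32 FILE_SHARE_READ / FILE_SHARE_WRITE constants, defined locally so the block builds on any platform.

```c
#include <stdio.h>

/* Win32 share-mode values (winnt.h), defined locally so this builds anywhere. */
#define SHARE_READ  0x00000001u  /* FILE_SHARE_READ  */
#define SHARE_WRITE 0x00000002u  /* FILE_SHARE_WRITE */

/* Unix-style permission bits in the usual octal layout (assumed here). */
#define PERM_GREAD  0040u
#define PERM_GWRITE 0020u
#define PERM_WREAD  0004u
#define PERM_WWRITE 0002u

/* Hypothetical helper: derive a share mode from the perm argument.
 * "Least permissive wins": an access is shared only if BOTH group and
 * world are granted it. Execute bits have no share-mode equivalent. */
static unsigned share_mode_from_perms(unsigned perms)
{
    unsigned mode = 0;
    if ((perms & PERM_GREAD) && (perms & PERM_WREAD))
        mode |= SHARE_READ;
    if ((perms & PERM_GWRITE) && (perms & PERM_WWRITE))
        mode |= SHARE_WRITE;
    return mode;
}

int main(void)
{
    /* Constructed sample inputs: the three rows from the message, plus two more. */
    static const unsigned samples[] = { 0770, 0777, 0754, 0764, 0722 };
    size_t i;
    for (i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        unsigned m = share_mode_from_perms(samples[i]);
        printf("perms %04o -> %s%s%s\n", samples[i],
               (m & SHARE_READ) ? "SHARE_READ " : "",
               (m & SHARE_WRITE) ? "SHARE_WRITE" : "",
               m ? "" : "0 (exclusive)");
    }
    return 0;
}
```

A result of 0 is the "no sharing" open that step 1 of the quoted algorithm asks for, so a temp file created with group and world permissions of 0 could not be opened by another process while the handle is held.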