EEP: XXX
Title: Safe file operations
Version: $Revision: 37 $
Last-Modified: $Date: 2008-07-11 15:47:13 +0200 (Fri, 11 Jul 2008) $
Author: Zoltan Peter Toth [zoltan(dot)peter(dot)toth(at)ericsson(dot)com]
Status: Draft
Type: Standards Track
Content-Type: text/plain
Created: 17-Nov-2008
Erlang-Version: R13B-0
Post-History: 17-Nov-2008

----------------------------------------------------------------------


Abstract

    This EEP proposes additional file operation functions to allow
    for concurrency-safe working.


Specification

    It is proposed that the file operations in module file and filelib
    be duplicated to have a version which operates on an already opened
    file, using the IoDevice returned from file:open.  

    Examples are file:read_file*, file:consult, filelib:file_size,
    file_lib:is_*, filelib:last_modified, file:change_*,
    file:read_link, file:script, file:write_file*.  Further on,
    erlang:open_port could be enhanced to support {iodev, In, Out}
    (enhancing {fd, In, Out}) or {spawn_iodev, IoDevice} (enhancing
    {spawn, Command}).  
    
    For the implementation of these functions in GNU libc, see
    chapter 2.2 in [1], particularly the table 2.2.1.  


Motivation

    The current function implementations mentioned above cannot
    protect against a case when
        1. a file is opened by application 1
        2. something is checked on it (access rights, size, checksum,...)
        3. the file is closed
        4. it is changed by application 2
        5. it is opened again by application 1 assuming that the checks
        performed in step 2 would still succeed.  


Rationale
    The proposed change would be useful both for implementing secure
    file operations (i.e. to prevent security holes),
    as well as concurrency-safe applications like e.g. server side
    executables/scripts that access the same files/databases.  


References

    [1] Defensive Programming for Red Hat Enterprise Linux,
        Ulrich Drepper,
        http://people.redhat.com/drepper/defprogramming.pdf
        

Copyright

    This document has been placed in the public domain.  


Local Variables:
mode: indented-text
indent-tabs-mode: nil
sentence-end-double-space: t
fill-column: 70
coding: utf-8
End:

 