Content deleted Content added
m whitespace |
No edit summary |
||
Line 67:
Despite conceptual simplicity, TOCTOU race conditions are difficult to avoid and eliminate. One general technique is to use [[exception handling]] instead of checking, under the philosophy of '''EAFP''' "It is easier to ask for forgiveness than permission" rather than '''LBYL''' "look before you leap" – in this case there is no check, and failure of assumptions to hold are detected at use time, by an exception.<ref>{{cite book |last=Martelli |first=Alex |authorlink=Alex Martelli |year=2006 |title=Python in a Nutshell |edition=2nd |chapter=Chapter 6: Exceptions |publisher=[[O'Reilly Media]] |isbn=978-0-596-10046-9 |page=134}}</ref>
In the context of file system TOCTOU race conditions, the fundamental challenge is ensuring that the file system cannot be changed between two system calls. In 2004, an impossibility result was published, showing that there was no portable, deterministic technique for avoiding TOCTOU race conditions.<ref>{{cite web |last1=Dean |first1=Drew |last2=Hu |first2=Alan J. |year=2004 |title=
Since this impossibility result, libraries for tracking [[file descriptor]]s and ensuring correctness have been proposed by researchers.<ref>{{cite web |last1=Tsafrir |first1=Dan |last2=Hertz |first2=Tomer |last3=Wagner |first3=David |last4=Da Silva |first4=Dilma |authorlink4=Dilma Da Silva |date=June 2008 |title=Portably Preventing File Race Attacks with User-Mode Path Resolution |work=Technical Report RC24572, [[Thomas J. Watson Research Center|IBM T. J. Watson Research Center]], Yorktown Heights (NY) |url=http://domino.watson.ibm.com/library/CyberDig.nsf/1e4115aea78b6e7c85256b360066f0d4/c4028924309762d18525746e004a4feb}}</ref>
| |||