Stateless SFTP server and READDIR race condition.

To: iets-ssh <ietf-ssh%netbsd.org@localhost>
Subject: Stateless SFTP server and READDIR race condition.
From: Michael Closson <closson%cs.ualberta.ca@localhost>
Date: Thu, 13 Apr 2006 15:44:02 -0600

This is kind of a nit-pick, but I seems to me that the SFTP server
cannot be implemented as a stateless server because the server must
track the directory offset to support multiple READDIR calls.  Also,
there is a potential race condition when there are multiple READDIR
calls.

NFS READDIR(at least version 2 and 3) returns a cookie to the client,
and the client passes the cookie back to the server so the stateless
server knows where it left off.  NFS version 3 also includes a cookie
verifier to detect directory changes that could occur between multiple
readdir calls.

I'm wondering if this is an issue that should be considered, both the
statelessness and detecting directory changes that happen in between
SFTP READDIR calls.

This is kind of a nit pick for a couple of reasons.  First,
statelessness is useful for crash recovery, but since NFS is UDP
(mostly) and SSH is TCP (always), it is easy for the client to detect a
server crash.  Second, since SFTP returns multiple directory entries
instead of one (as is the case with NFS) the window of vulnerability for
directory changes is only an issue for very large directories.

Thanks!

Mike Closson

Follow-Ups:
- Re: Stateless SFTP server and READDIR race condition.
  - From: Nicolas Williams
- Re: Stateless SFTP server and READDIR race condition.
  - From: der Mouse

Prev by Date: [Inquiry #85608] Resolved: IETF mailing list archive for SECSH WG not being updated
Next by Date: Re: Stateless SFTP server and READDIR race condition.
Previous by Thread: [Inquiry #85608] Resolved: IETF mailing list archive for SECSH WG not being updated
Next by Thread: Re: Stateless SFTP server and READDIR race condition.
Indexes:

Home | Main Index | Thread Index | Old Index