W3C home > Mailing lists > Public > w3c-dist-auth@w3.org > October to December 1998

possible race condition in COPY with overwrite

From: Jim Davis <jdavis@parc.xerox.com>
Date: Sun, 29 Nov 1998 09:48:37 PST
Message-Id: <>
To: w3c-dist-auth@w3.org
Suppose I want to COPY a resource (S) to destination D.  To ensure
consistency, I take out a lock on destination D.  Since I have locked D, it
becomes a lock-null resource (per 7.4), and hence it 'exists', so I must
also specify the Overwrite header (8.8.4) as T, and thus the server MUST
delete D prior to the copy.  But by 8.10.5,  a successful DELETE of a
resource MUST cause all of its locks to be removed.  Thus the lock has no
real protection.  If the server is multithreaded, then while the COPY is in
progress, as soon as the DELETE finished, a second client could start
altering D as well.

The workaround seems to be to lock the parent of D (with depth infinity),
not D itself.  This causes the newly created resource to inherit the lock
of the parent (per 7.7)

Do you agree with this analysis?

If so, please mention it in "DAV for Dummies" or whatever tutorial document
is written about WebDAV. I don't think it requires any changes to the
protocol or the the spec.


Received on Sunday, 29 November 1998 12:48:26 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 20:01:15 UTC