shawn%mit-dspg@BRL.ARPA (01/17/84)
It seems to me that there should be some way to make it such that a user program could not read a 'directory file', that his program would use a 'system call' to read the 'next' entry in this directory file if the protection permitted, it seems this would make the file system in general more secure, or did I miss something? Oh, yes, I am aware, that if this was ever done, the 'world' would break, but that's a small price to pay for security, or is it?

Yours In Hacking,
-- Shawn
p.s. Ideas stolen from TOPS-20.
gwyn%brl-vld@sri-unix.UUCP (01/17/84)
From: Doug Gwyn (VLD/VMB) <gwyn@brl-vld>

Where have you been? There is no security problem in reading directories. The only real problem is that UNIX directory format is now variable, thanks to Berkeley. To portably and easily access UNIX directories, you should be using the new directory access library routines available via net.sources or my independent implementation (I do not like the Regents of the University of California!) available for the asking (also part of the BRL UNIX System V emulation for 4.2BSD).

This directory access library is something that should have been done a long time ago, independently of the question of differing directory formats. I tried several months ago to get the Western Electric development types interested in this issue but I have no idea whether they have plans to provide the library routines with future UNIX releases.
guy@rlgvax.UUCP (Guy Harris) (01/18/84)
<go away, bug!>

> It seems to me that there should be some way to make it such that a user program could not read a 'directory file', that his program would use a 'system call' to read the 'next' entry in this directory file if the protection permitted, it seems this would make the file system in general more secure, or did I miss something? Oh, yes, I am aware, that if this was ever done, the 'world' would break, but that's a small price to pay for security, or is it?

First, what do you mean by "secure"? Secure in the sense of "secure against crashes trashing things", or secure in the sense of "secure against protection violations"? If the former, reading a directory doesn't write to the disk (except for setting the directory file's access time which should happen even in your scheme) so this change contributes nothing. If the latter, UNIX already can protect the directory as a whole against reading; just turn off the appropriate "r" bit. If you meant protecting specific directory entries, what bit would indicate whether the user would be allowed to read that entry or not? For that matter, what security holes are created by permitting the user to read directory entries?

Guy Harris
{seismo,ihnp4,allegra}!rlgvax!guy
smk@axiom.UUCP (Steven Kramer) (01/19/84)
I think you're missing something. If you can read the directory as a whole or name by name, you are obtaining the SAME information. If protection of the directory disallows reading, you cannot read anything on either method. (I assume on the name by name system call basis you will also get the inode number, which makes both methods equivalent.) In fact, the opendir(), ... 4.2BSD (compatible) library routines do EXACTLY what you want, but alas, the protection is exactly the same on either method. So, directly, UNIX gives you the `raw' directory file to look at, and you can build routines around the structure to make your life easier. That's the UNIX way. (I know by saying things like this last statement I'll get a rebuttal. For this article, I'll only take rebuttals from North Dakota [is there one?] -- the rest of you flame to /dev/null.)

--
--steve kramer
{allegra,genrad,ihnp4,utzoo,philabs,uw-beaver}!linus!axiom!smk (UUCP)
linus!axiom!smk@mitre-bedford (MIL)
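An added example, not part of any post in this thread: a small C program showing the two points made in the replies above, that the name-by-name opendir()/readdir() interface is gated by the same directory "r" bit, and that each entry it returns carries the inode number alongside the name. It goes one step further and checks that a name already known still resolves through the "x" (search) bit once "r" is cleared. The scratch path under /tmp and the names list_dir and run_demo are assumptions made for the demonstration.

```c
#include <dirent.h>
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <unistd.h>

/* Entry count via opendir()/readdir() (dot names skipped); -1 + errno on failure. */
int list_dir(const char *path)
{
    DIR *d = opendir(path);
    struct dirent *e;
    int n = 0;
    if (d == NULL) return -1;
    while ((e = readdir(d)) != NULL) {
        if (e->d_name[0] == '.') continue;          /* skips "." and ".." */
        printf("  inode %lu  %s\n", (unsigned long)e->d_ino, e->d_name);
        n++;
    }
    closedir(d);
    return n;
}

/* Constructed scratch directory: list, clear "r", list again, look up a known name. */
int run_demo(int *before, int *after, int *after_errno, int *lookup_ok)
{
    char dir[64], a[80], b[80];
    snprintf(dir, sizeof dir, "/tmp/dirdemo.%ld", (long)getpid());
    if (mkdir(dir, 0700) != 0) return -1;           /* fails if the name exists */
    snprintf(a, sizeof a, "%s/alpha", dir);
    snprintf(b, sizeof b, "%s/beta", dir);
    close(open(a, O_CREAT | O_WRONLY, 0600));
    close(open(b, O_CREAT | O_WRONLY, 0600));
    *before = list_dir(dir);                        /* "r" set: both names visible */
    chmod(dir, 0300);                               /* owner: write + search, no read */
    errno = 0;
    *after = list_dir(dir);                         /* expected: -1 with EACCES */
    *after_errno = errno;
    *lookup_ok = (access(a, F_OK) == 0);            /* "x" still resolves a known name */
    unlink(a); unlink(b); rmdir(dir);               /* "w"+"x" suffice for cleanup */
    return 0;
}

int main(void)
{
    int before, after, err, ok;
    if (run_demo(&before, &after, &err, &ok) != 0) return 1;
    printf("before=%d after=%d errno=%d lookup_ok=%d\n", before, after, err, ok);
    return 0;
}
```

Run as an ordinary user; a privileged process bypasses the permission check, so the second listing succeeds there.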
chuqui@nsc.UUCP (01/20/84)
Another reason not to automatically page is if I have something on the other end of the tty line that is only pretending to be a terminal. If I try to download through that tty line, I don't want to have to hack up the downloader to handle stripping '--more--' and sending spaces!

--
--Go ahead- Make my wombat!--
From the house at Pooh Corner: Chuqui (a Silly Old Bear)
{fortune,menlo70}!nsc!chuqui
I wish I had time to explain dimensional transcendentalism --- Dr. Who
feldman@tymix.UUCP (Steve Feldman) (02/05/84)
Regarding:

> Side note on Doug's "Regents" remark: I feel it's inconsistent for a group-- like Berkeley or AT&T--to claim to be interested in software portability and then copyright its work. Copyrighting is a far greater impediment to portability than the number of letters you use in variable names.

Unfortunately, the people doing the programming are not the ones who make decisions about copyrights and licensing. The CSRG at Berkeley really had no choice about these matters. They have to follow policies set by the University. The same is undoubtedly true of AT&T. (It has been said that the University lawyers would never sign the BSD agreement themselves. I tend to believe it.)

Steve Feldman
Tymshare
(Formerly of the Berkeley CSRG)