On 02.03.2019 15:30, Christos Zoulas wrote:
> In article <875zt14d5u.fsf%free.fr@localhost>,
> Aymeric Vincent <aymericvincent%free.fr@localhost> wrote:
>>
>> Hi,
>>
>> on BSD, it has historically been possible to open() and read() a
>> directory. While this is fun, it also leaks part of the history of the
>> contents of the directory. E.g. you give rights to a directory after
>> clearing its contents, and you actually give access to many filenames
>> present in that directory when it had more restrictive rights.
>>
>> I fail to see any fair use of this behaviour (except for pedagogical
>> purposes), and would like to suggest that we return EISDIR when a
>> directory is open()ed without O_DIRECTORY, and make sure that even then
>> they can't be read()/mmap()ed/... directly (didn't check if it's the
>> case now).
>>
>> Does anyone see a good reason to keep the historical behaviour? FWIW, I
>> think at least OpenBSD dropped that.
>
> The current behavior is useful because I don't have to modify
> hexdump, od, etc. or write a special program to look at the contents
> of a directory. It is not a security issue, because you can still
> do it with O_DIRECTORY (you still have the data disclosure). It is
> historical behavior as you say, so why break it? What's next, create
> O_DEVICE to open devices, so people accidentally don't mess up
> their terminals when they cat them?
>
> christos
>

Personally I would use a sysctl(3) switch to disable it. From time to time I mistakenly use cat(1) on a directory instead of a file, and it is a DoS for my terminal. I find it annoying but I understand that there are some use-cases.
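An added example, not code from this thread or from NetBSD: a small probe that reports whether the running kernel lets a directory opened without O_DIRECTORY be read(2) directly, or refuses with an error such as the EISDIR proposed above. The names `probe_dir_read` and `enum probe_result` are hypothetical, and the bytes read are discarded.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical names for this example; they do not come from the thread. */
enum probe_result { PROBE_ERROR = -1, READ_REFUSED = 0, READ_ALLOWED = 1 };

/* Open `path` without O_DIRECTORY and attempt one read(2) on it.
 * The bytes are discarded; only whether the kernel permits the read matters.
 * *err receives the errno of the refusing or failing call, or 0. */
enum probe_result probe_dir_read(const char *path, int *err)
{
    char buf[512];
    struct stat st;
    ssize_t n;
    int fd = open(path, O_RDONLY);

    *err = 0;
    if (fd < 0) {   /* EISDIR from open() is the behaviour proposed in the thread */
        *err = errno;
        return errno == EISDIR ? READ_REFUSED : PROBE_ERROR;
    }
    if (fstat(fd, &st) < 0 || !S_ISDIR(st.st_mode)) {
        close(fd);
        *err = ENOTDIR;   /* only directories are of interest here */
        return PROBE_ERROR;
    }
    n = read(fd, buf, sizeof buf);
    if (n < 0)
        *err = errno;
    close(fd);
    return n < 0 ? READ_REFUSED : READ_ALLOWED;
}

int main(int argc, char **argv)
{
    const char *path = argc > 1 ? argv[1] : ".";
    int err;
    enum probe_result r = probe_dir_read(path, &err);

    if (r == PROBE_ERROR)
        printf("%s: cannot probe (%s)\n", path, strerror(err));
    else
        printf("%s: raw read(2) %s\n", path, r == READ_ALLOWED ? "allowed" : "refused");
    return r == PROBE_ERROR;
}
```

A result of "allowed" means the historical behaviour discussed in the thread is still present on that system and filesystem.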