tech-security archive


open()ing a directory without O_DIRECTORY



Hi,

on BSD, it has historically been possible to open() and read() a
directory. While this is fun, it also leaks part of the history of the
contents of the directory. E.g. you give rights to a directory after
clearing its contents, and you actually give access to many filenames
present in that directory when it had more restrictive rights.

I fail to see any fair use of this behaviour (except for pedagogical
purposes), and would like to suggest that we return EISDIR when a
directory is open()ed without O_DIRECTORY, and make sure that even then
they can't be read()/mmap()ed/... directly (didn't check if it's the
case now).

Does anyone see a good reason to keep the historical behaviour? FWIW, I
think at least OpenBSD dropped that.

Regards,
 Aymeric
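
The check the post leaves open ("didn't check if it's the case now") can be run as a small probe. This is an added example, not part of the original message; the function `probe_dir` and the outcome names are this example's own, and any bytes obtained from the directory are discarded rather than shown.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <sys/mman.h>
#include <sys/stat.h>
#include <unistd.h>

/* Outcome names are this example's own, not from any system header. */
enum dir_probe { PROBE_ERROR = -1, OPEN_REFUSED, IO_REFUSED, IO_ALLOWED };

/* Open a directory read-only WITHOUT O_DIRECTORY, then try read() or mmap().
 * Any bytes obtained are discarded; only the outcome is reported. */
enum dir_probe probe_dir(const char *path, int use_mmap)
{
    struct stat st;
    char buf[512];
    enum dir_probe res;

    if (stat(path, &st) != 0 || !S_ISDIR(st.st_mode))
        return PROBE_ERROR;              /* missing, or not a directory */
    int fd = open(path, O_RDONLY);
    if (fd < 0)                          /* EISDIR here is what the post proposes */
        return errno == EISDIR ? OPEN_REFUSED : PROBE_ERROR;
    if (use_mmap) {
        void *p = mmap(NULL, sizeof buf, PROT_READ, MAP_PRIVATE, fd, 0);
        res = (p == MAP_FAILED) ? IO_REFUSED : IO_ALLOWED;
        if (p != MAP_FAILED)
            munmap(p, sizeof buf);
    } else {
        /* A failed or empty read() exposes nothing, so both count as refused. */
        res = read(fd, buf, sizeof buf) > 0 ? IO_ALLOWED : IO_REFUSED;
    }
    close(fd);
    return res;
}

int main(int argc, char **argv)
{
    static const char *names[] = { "open() refused", "refused after open()", "ALLOWED" };
    const char *path = argc > 1 ? argv[1] : ".";
    enum dir_probe r = probe_dir(path, 0), m = probe_dir(path, 1);
    if (r == PROBE_ERROR || m == PROBE_ERROR) {
        fprintf(stderr, "%s: cannot probe (not a readable directory?)\n", path);
        return 2;
    }
    printf("%s: read() %s, mmap() %s\n", path, names[r], names[m]);
    return r == IO_ALLOWED || m == IO_ALLOWED;   /* non-zero if raw access works */
}
```

A non-zero exit status of 1 means raw directory contents are reachable through a plain file descriptor on the filesystem being tested, which is the exposure described above.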

