tech-security archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: open()ing a directory without O_DIRECTORY

In article <>,
Aymeric Vincent  <> wrote:
>on BSD, it has historically been possible to open() and read() a
>directory. While this is fun, it also leaks part of the history of the
>contents of the directory. E.g. you give rights to a directory after
>clearing its contents, and you actually give access to many filenames
>present in that directory when it had more restrictive rights.
>I fail to see any fair use of this behaviour (except for pedagogical
>purposes), and would like to suggest that we return EISDIR when a
>directory if open()ed without O_DIRECTORY, and make sure that even then
>they can't be read()/mmap()ed/... directly (didn't check if it's the
>case now).
>Does anyone see a good reason to keep the historical behaviour? FWIW, I
>think at least OpenBSD dropped that.

The current behavior is useful because I don't have to modify
hexdump, od, etc. or write a special program to look at the contents
of a directory. It is not a security issue, because you can still
do it with O_DIRECTORY (you still have the data disclosure). It is
historical behavior as you say, so why break it? What's next, create
O_DEVICE to open devices, so people accidentally don't mess up
their terminals when they cat them?


Home | Main Index | Thread Index | Old Index