tech-security archive


Re: open()ing a directory without O_DIRECTORY



In article <875zt14d5u.fsf%free.fr@localhost>,
Aymeric Vincent  <aymericvincent%free.fr@localhost> wrote:
>
>Hi,
>
>on BSD, it has historically been possible to open() and read() a
>directory. While this is fun, it also leaks part of the history of the
>contents of the directory. E.g. you give rights to a directory after
>clearing its contents, and you actually give access to many filenames
>present in that directory when it had more restrictive rights.
>
>I fail to see any fair use of this behaviour (except for pedagogical
>purposes), and would like to suggest that we return EISDIR when a
>directory is open()ed without O_DIRECTORY, and make sure that even then
>they can't be read()/mmap()ed/... directly (didn't check if it's the
>case now).
>
>Does anyone see a good reason to keep the historical behaviour? FWIW, I
>think at least OpenBSD dropped that.

The current behavior is useful because I don't have to modify
hexdump, od, etc. or write a special program to look at the contents
of a directory. It is not a security issue, because you can still
do it with O_DIRECTORY (you still have the data disclosure). It is
historical behavior as you say, so why break it? What's next, create
O_DEVICE to open devices, so people accidentally don't mess up
their terminals when they cat them?

christos
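The thread turns on what the kernel does when a directory is open()ed without O_DIRECTORY and then read(). The following is an added example, not code from either poster: it probes which of the possible outcomes the running kernel actually implements (open() refused, read() refused with EISDIR, or raw directory bytes returned as on historical BSD) and shows the fstat() check a program that expects a regular file can make regardless of which policy the kernel applies. All function and enum names are hypothetical, and the temporary-file path is constructed for the demonstration.

```c
/*
 * Added example (not code from the thread): probe which policy this kernel
 * applies when a directory is open()ed without O_DIRECTORY and then read(),
 * and show the fstat() check an application can make when it expects a
 * regular file. Function and enum names are hypothetical.
 */
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

enum dir_read_result {
    DIR_OPEN_FAILED = -1,    /* open() without O_DIRECTORY was refused */
    DIR_READ_EISDIR = 0,     /* open() succeeded but read() failed with EISDIR */
    DIR_READ_RETURNED_DATA,  /* read() handed back raw directory bytes (historical BSD) */
    DIR_READ_OTHER_ERROR     /* read() failed with some other errno */
};

/* Open path read-only, without O_DIRECTORY, and attempt one read().
 * Any bytes returned are discarded: the point is the policy, not the data. */
enum dir_read_result probe_directory_read(const char *path)
{
    int fd = open(path, O_RDONLY);
    if (fd < 0)
        return DIR_OPEN_FAILED;

    char buf[512];
    ssize_t n = read(fd, buf, sizeof buf);
    int saved_errno = errno;   /* close() may clobber errno */
    close(fd);

    if (n >= 0)
        return DIR_READ_RETURNED_DATA;
    return saved_errno == EISDIR ? DIR_READ_EISDIR : DIR_READ_OTHER_ERROR;
}

/* Defensive check for code that expects a regular file: fstat() the
 * descriptor it actually got rather than trusting the path. Returns 1 for a
 * regular file, 0 for anything else (directory, device, fstat failure). */
int fd_is_regular_file(int fd)
{
    struct stat st;
    if (fstat(fd, &st) != 0)
        return 0;
    return S_ISREG(st.st_mode) ? 1 : 0;
}

/* Same check by path: opens, tests, closes. */
int path_is_regular_file(const char *path)
{
    int fd = open(path, O_RDONLY);
    if (fd < 0)
        return 0;
    int ok = fd_is_regular_file(fd);
    close(fd);
    return ok;
}

/* Positive case for the check above, using a freshly created temporary file
 * (constructed for the demonstration; falls back to the cwd if /tmp is unwritable). */
int tempfile_is_regular_file(void)
{
    char tmpl[] = "/tmp/dirprobe.XXXXXX";
    int fd = mkstemp(tmpl);
    if (fd < 0) {
        char local[] = "./dirprobe.XXXXXX";
        fd = mkstemp(local);
        if (fd < 0)
            return 0;
        int ok = fd_is_regular_file(fd);
        close(fd);
        unlink(local);
        return ok;
    }
    int ok = fd_is_regular_file(fd);
    close(fd);
    unlink(tmpl);
    return ok;
}

int main(void)
{
    static const char *const names[] = {
        "open() refused", "read() refused with EISDIR",
        "read() returned directory bytes", "read() failed with another errno"
    };
    enum dir_read_result r = probe_directory_read("/");
    printf("open(\"/\", O_RDONLY) + read(): %s\n", names[r + 1]);
    printf("\"/\" is a regular file: %d\n", path_is_regular_file("/"));
    printf("/dev/null is a regular file: %d\n", path_is_regular_file("/dev/null"));
    printf("temp file is a regular file: %d\n", tempfile_is_regular_file());
    return 0;
}
```

Whichever way a given kernel decides the question debated above, a program that wants a directory should ask for one with O_DIRECTORY (and handle ENOTDIR), and a program that wants a regular file should verify it with fstat() as shown, since open() on its own does not tell the caller which kind of object it got.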


