tech-security archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: open()ing a directory without O_DIRECTORY (Christos Zoulas) writes:

> The current behavior is useful because I don't have to modify
> hexdump, od, etc. or write a special program to look at the contents
> of a directory.

But you do in order to look at the superblock. Why is that? And why
can't you write to a directory as a file? I think it's because both the
superblock and directory entries belong to what is called "metadata" in
a filesystem, and as such they need cooking before being served to

I also found it cute that directories are seen as files in BSD, but I
now think it's time to move on because I can't think of a useful use for
it and it has drawbacks.

> It is not a security issue, because you can still
> do it with O_DIRECTORY (you still have the data disclosure).

That's easily fixed in getdents() if it's not already the case.

> It is historical behavior as you say, so why break it?

I gave an example and instanciated it. You provided no example of use,
although that's what I was asking for.

> What's next, create O_DEVICE to open devices, so people accidentally
> don't mess up their terminals when they cat them?

Obviously, that's not at all the problem I mentioned nor the direction
I'm suggesting.


Home | Main Index | Thread Index | Old Index