tech-security archive


Re: open()ing a directory without O_DIRECTORY



christos%astron.com@localhost (Christos Zoulas) writes:

> In article <871s3p49lz.fsf%free.fr@localhost>,
> Aymeric Vincent  <aymericvincent%free.fr@localhost> wrote:
>>
>>There is no trivial way to get rid of these no longer valid contents,
>>since for good reason you can't write to a directory as a file. You have
>>to re-create it (not always possible due to permissions) or create long
>>entries until your data disappears... :-/
>
> Why? The kernel can just zero out the deleted dirents.

Forgot to mention: "in the current situation". And yes, that's exactly
what I think; probably the alternatives are

 - zero out on unlink() so that the data is no longer on the disk
   (Everybody seems to have expressed a preference for this solution, but I
   think this requires changing all the affected filesystems)
 - zero out in getdents() so that the data cannot be accessed without
   accessing the raw device, mimicking the behaviour of unlink for the
   data: data still present on disk but not accessible without accessing
   the raw device. (This requires forbidding read() and similar on
   directories)

> Yes, users can't and should not write to directories, if you want to
> avoid the data disclosure fix it in the kernel!

Obviously yes, as far as I understand we are only talking about kernel
APIs or behaviour here.

 Aymeric
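The mechanism behind the two options above, as an added example that is not code from the thread or from NetBSD: a UFS/FFS-style directory block simulated in user space. The on-disk entry layout (d_ino, d_reclen, d_type, d_namlen, NUL-terminated name padded to 4 bytes) follows struct direct from ufs/ufs/dir.h, and the removal step mirrors what ufs_dirremove() does (grow the previous entry's d_reclen over the dead record, or clear d_ino for the first slot). The helper functions, the block size and the sample file names are this example's own assumptions. dir_lookup() walks live entries the way getdents() would; raw_contains() scans every byte, which is what read() on a directory fd (allowed on NetBSD, the premise of the thread; Linux returns EISDIR) or a read of the raw device sees. The wipe flag is the "zero out on unlink" alternative.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#include <stdio.h>

#define DIRBLKSIZ 512            /* one FFS directory block (assumed size) */

/* On-disk entry layout of UFS/FFS (struct direct in ufs/ufs/dir.h). */
struct direct {
    uint32_t d_ino;              /* inode number, 0 = unused slot */
    uint16_t d_reclen;           /* bytes from this entry to the next */
    uint8_t  d_type;
    uint8_t  d_namlen;
    char     d_name[];           /* NUL-terminated, padded to 4 bytes */
};

/* Space an entry with an n-byte name occupies (DIRSIZ in ufs). */
static uint16_t dirsiz(size_t n)
{
    return (uint16_t)((offsetof(struct direct, d_name) + n + 1 + 3) & ~(size_t)3);
}

/* Empty block: "." and "..", the last entry owns all remaining slack. */
void dir_init(uint8_t *blk, uint32_t self_ino, uint32_t parent_ino)
{
    struct direct *dp = (struct direct *)blk;
    memset(blk, 0, DIRBLKSIZ);
    dp->d_ino = self_ino; dp->d_reclen = dirsiz(1); dp->d_namlen = 1;
    memcpy(dp->d_name, ".", 2);
    dp = (struct direct *)(blk + dp->d_reclen);
    dp->d_ino = parent_ino; dp->d_reclen = DIRBLKSIZ - dirsiz(1); dp->d_namlen = 2;
    memcpy(dp->d_name, "..", 3);
}

/* Append a name by carving it out of the last entry's slack; -1 if full. */
int dir_add(uint8_t *blk, const char *name, uint32_t ino)
{
    size_t len = strlen(name);
    uint16_t need = dirsiz(len), used;
    uint8_t *p = blk;
    struct direct *dp, *np;
    if (len == 0 || len > 255) return -1;
    for (;;) {                               /* walk to the last entry */
        dp = (struct direct *)p;
        if (dp->d_reclen == 0) return -1;    /* corrupt block */
        if (p + dp->d_reclen >= blk + DIRBLKSIZ) break;
        p += dp->d_reclen;
    }
    used = dirsiz(dp->d_namlen);
    if (dp->d_reclen - used < need) return -1;
    np = (struct direct *)(p + used);
    np->d_reclen = dp->d_reclen - used;      /* new entry inherits the slack */
    dp->d_reclen = used;
    np->d_ino = ino; np->d_type = 0; np->d_namlen = (uint8_t)len;
    memcpy(np->d_name, name, len + 1);
    return 0;
}

/* Unlink as ufs_dirremove() does it: the record is skipped, not erased.
 * wipe != 0 additionally zeroes the name and inode ("zero out on unlink"). */
int dir_remove(uint8_t *blk, const char *name, int wipe)
{
    uint8_t *p = blk;
    struct direct *prev = NULL;
    while (p < blk + DIRBLKSIZ) {
        struct direct *dp = (struct direct *)p;
        if (dp->d_reclen == 0) return -1;
        if (dp->d_ino && strlen(name) == dp->d_namlen &&
            memcmp(dp->d_name, name, dp->d_namlen) == 0) {
            if (prev) prev->d_reclen += dp->d_reclen;   /* hide behind prev */
            else dp->d_ino = 0;                          /* first slot: free it */
            if (wipe) { memset(dp->d_name, 0, dp->d_namlen); dp->d_ino = 0; }
            return 0;
        }
        prev = dp;
        p += dp->d_reclen;
    }
    return -1;
}

/* What getdents(2) would return: only live entries are visited. */
uint32_t dir_lookup(const uint8_t *blk, const char *name)
{
    const uint8_t *p = blk;
    while (p < blk + DIRBLKSIZ) {
        const struct direct *dp = (const struct direct *)p;
        if (dp->d_reclen == 0) break;
        if (dp->d_ino && strlen(name) == dp->d_namlen &&
            memcmp(dp->d_name, name, dp->d_namlen) == 0)
            return dp->d_ino;
        p += dp->d_reclen;
    }
    return 0;
}

/* What read(2) on the directory or the raw device shows: every byte. */
int raw_contains(const uint8_t *blk, const char *name)
{
    size_t len = strlen(name), i;
    for (i = 0; i + len <= DIRBLKSIZ; i++)
        if (memcmp(blk + i, name, len) == 0) return 1;
    return 0;
}

/* Bit 0: name still visible to the getdents-style walk; bit 1: name still
 * in the raw bytes.  Sample names are constructed for this example. */
int leak_after_unlink(int wipe)
{
    static uint32_t words[DIRBLKSIZ / 4];    /* keeps the block 4-byte aligned */
    uint8_t *blk = (uint8_t *)words;
    const char *name = "quarterly-layoffs.txt";
    dir_init(blk, 2, 2);
    dir_add(blk, "notes", 11);
    dir_add(blk, name, 12);
    dir_add(blk, "todo", 13);
    dir_remove(blk, name, wipe);
    return (dir_lookup(blk, name) ? 1 : 0) | (raw_contains(blk, name) ? 2 : 0);
}

int main(void)
{
    printf("plain unlink: %d  zero-on-unlink: %d\n",
           leak_after_unlink(0), leak_after_unlink(1));
    return 0;
}
```

With a plain unlink the walk no longer reaches the entry, yet its name is intact in the block; zeroing at unlink time removes it from the raw bytes as well, which is why that option has to be implemented per filesystem, in the code that already owns the on-disk format.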

