From: Helge Hafting <helgehaf@idb.hist.no>
To: Thomas Hood <jdthood@mail.com>, linux-kernel@vger.kernel.org
Subject: Re: x bit for dirs: misfeature?
Date: Wed, 21 Nov 2001 11:34:07 +0100 [thread overview]
Message-ID: <3BFB831F.49284E42@idb.hist.no> (raw)
In-Reply-To: <1006272306.9039.18.camel@thanatos>
Thomas Hood wrote:
>
> Please forgive me if I overlooked the message that
> already said this, but ...
>
> James Sutherland wrote that "There are valid uses for
> X only directories (i.e. users are not allowed to list
> the contents, only to access them directly by name).
> R-only directories make little sense". Then there
> followed a long discussion about the utility of "--x"
> directories. (I agree that they aren't a very good
> idea, since an explorable directory can be "listed" by
> trial and error on the filenames within it.)
Finding filenames by trial and error is hopeless.
It is _much_ easier to find the root
password by trial and error and then change the permissions
and list in the normal way.
There is only one root password to guess, but you think
having to guess _every_ filename is insecure?
A x-only directory is much safer than user security
will ever be - you effectively have a password per file.
>
> However, a decent reason for having separate r and x
> is that "r--" directories _do_ make sense. When a
> directory is "r--", its contents can be _listed_ but the
> directory cannot be browsed. Observe: // Thomas Hood
But is that useful?
Sure, I can list filenames. I can't get at filesize
or permissions. I can't open the files. How
is that useful? Of course locking people
out is useful, but why should they need to read
the filenames?
Helge Hafting
next prev parent reply other threads:[~2001-11-21 10:35 UTC|newest]
Thread overview: 40+ messages / expand[flat|nested] mbox.gz Atom feed top
2001-11-20 16:05 x bit for dirs: misfeature? Thomas Hood
2001-11-21 10:34 ` Helge Hafting [this message]
2001-11-21 23:00 ` Mike Fedyk
-- strict thread matches above, loose matches on Subject: below --
2001-11-19 16:22 vda
2001-11-19 14:36 ` James A Sutherland
2001-11-19 16:58 ` vda
2001-11-19 15:04 ` Tim Waugh
2001-11-19 15:29 ` Richard B. Johnson
2001-11-19 16:00 ` James A Sutherland
2001-11-19 17:43 ` Kai Henningsen
2001-11-19 18:24 ` vda
2001-11-19 16:44 ` Horst von Brand
2001-11-19 17:24 ` James A Sutherland
2001-11-19 19:39 ` vda
2001-11-19 19:07 ` James A Sutherland
2001-11-20 13:03 ` vda
2001-11-19 21:01 ` Flavio Stanchina
2001-11-19 19:21 ` vda
2001-11-19 18:14 ` Horst von Brand
2001-11-20 11:20 ` Anton Altaparmakov
2001-11-20 12:01 ` Alexander Viro
2001-11-20 15:08 ` Anton Altaparmakov
2001-11-20 17:18 ` Mike Castle
2001-11-20 17:37 ` Alexander Viro
2001-11-20 12:58 ` vda
2001-11-19 16:47 ` Jesse Pollard
2001-11-19 17:15 ` David Ford
2001-11-19 17:37 ` Pascal Schmidt
2001-11-19 18:42 ` J Sloan
2001-11-19 14:46 ` Alexander Viro
2001-11-19 17:03 ` vda
2001-11-19 15:07 ` Shaya Potter
2001-11-19 15:12 ` Alexander Viro
2001-11-19 15:19 ` Mathijs Mohlmann
2001-11-19 15:36 ` Gerhard Mack
2001-11-19 16:19 ` Horst von Brand
2001-11-19 22:36 ` Lionel Bouton
2001-11-19 15:12 ` Mathijs Mohlmann
2001-11-19 17:41 ` vda
2001-11-20 0:38 ` Albert D. Cahalan
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=3BFB831F.49284E42@idb.hist.no \
--to=helgehaf@idb.hist.no \
--cc=jdthood@mail.com \
--cc=linux-kernel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox