Re: x bit for dirs: misfeature?

Helge Hafting (helgehaf@idb.hist.no)
Wed, 21 Nov 2001 11:34:07 +0100

Thomas Hood wrote:
>
> Please forgive me if I overlooked the message that
> already said this, but ...
>
> James Sutherland wrote that "There are valid uses for
> X only directories (i.e. users are not allowed to list
> the contents, only to access them directly by name).
> R-only directories make little sense". Then there
> followed a long discussion about the utility of "--x"
> directories. (I agree that they aren't a very good
> idea, since an explorable directory can be "listed" by
> trial and error on the filenames within it.)

Finding filenames by trial and error is hopeless.
It is _much_ easier to find the root
password by trial and error and then change the permissions
and list in the normal way.
There is only one root password to guess, but you think
having to guess _every_ filename is insecure?

A x-only directory is much safer than user security
will ever be - you effectively have a password per file.

>
> However, a decent reason for having separate r and x
> is that "r--" directories _do_ make sense. When a
> directory is "r--", its contents can be _listed_ but the
> directory cannot be browsed. Observe: // Thomas Hood

But is that useful?
Sure, I can list filenames. I can't get at filesize
or permissions. I can't open the files. How
is that useful? Of course locking people
out is useful, but why should they need to read
the filenames?

Helge Hafting
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/