From: "David Thompson" <david.thompson1@worldnet.att.net>
Subject: Re: if file exist
Date: Mon, 21 Oct 2002 02:17:31 GMT
Message-ID: <%sJs9.19905$1P1.1202599@bgtnsc05-news.ops.worldnet.att.net>
In-Reply-To: 9WZ5dN1lmUZv@eisner.encompasserve.org
Larry Kilgallen <Kilgallen@SpamCop.net> wrote :
> In article <g99o9.6469$k_2.489840@bgtnsc05-news.ops.worldnet.att.net>, "David Thompson" <david.thompson1@worldnet.att.net> writes:
> > Mark Biggar <mark.a.biggar@attbi.com> wrote :
...
> >> No, from a computer security point of view, this is exactly what is
> >> wanted. A user should see absolutely no difference between "file does
> >> not exist" and "you don't have permission to see the file". Otherwise,
> >> you have introduced a covert information channel.
> >>
> > First this only matters if you want/need nondiscretionary controls.
>
> Non-discretionary controls, known as MAC for Mandatory Access Controls,
> are when the direct data owner (e.g., file owner) does not have full
> rights to control protection, for instance no right to disclose.
>
Yes, and not just the owner, but also other users who are authorized
to read and/or write, if any.
> The inability to tell whether an inaccessible file exists is _NOT_
> restricted to MAC situations. Under DAC (Discretionary Access Controls)
> the data owner may very well wish to restrict knowledge of file existence.
> Whether the desire for non-disclosure comes from the data owner or some
> higher authority has nothing to do with what characteristics are required
> in order to avoid disclosing the presence of a file.
But only MAC really needs to be concerned about covert channels,
since a DAC-authorized user is permitted to use open channels.
AFAICT it is rare(r?) in DAC situations to care about disclosing
existence, only contents, but if it is, it is common (and I am
assuming possible) to put the file in a directory which is restricted
against unauthorized probing for members' names and existence.
--
- David.Thompson 1 now at worldnet.att.net
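An added example, not part of the thread, illustrating the point Mark Biggar and David make: a reader that returns one opaque result for both "no such file" and "permission denied", exercised against a file placed in a directory whose search permission has been removed (the restricted-directory arrangement David describes). All file names and the `leaky_read` / `uniform_read` helpers are constructed for the example.

```python
import errno
import os
import stat
import tempfile

# Failures that a probe could otherwise use to tell "absent" from "present but protected".
_COLLAPSED = {errno.ENOENT, errno.EACCES, errno.EPERM, errno.ENOTDIR, errno.EISDIR}

def leaky_read(path):
    """Naive reader: the distinct error text reveals whether the file exists."""
    try:
        with open(path, "rb") as f:
            return ("ok", f.read())
    except OSError as e:
        return ("error", os.strerror(e.errno))  # "No such file" vs "Permission denied"

def uniform_read(path):
    """Hardened reader: one result for every access failure, so no existence oracle."""
    try:
        with open(path, "rb") as f:
            return ("ok", f.read())
    except OSError as e:
        if e.errno in _COLLAPSED:
            return ("unavailable", None)  # identical whether the file is absent or denied
        raise  # unrelated faults (EIO, EMFILE, ...) still surface to the operator

def running_as_root():
    """DAC permission bits do not bind root, so the demo is only meaningful otherwise."""
    return hasattr(os, "geteuid") and os.geteuid() == 0

def demo():
    """Constructed scenario: a readable file, a missing file, and a file inside a
    directory with search permission removed. Returns (leaky, uniform) per case."""
    with tempfile.TemporaryDirectory() as top:
        readable = os.path.join(top, "public.txt")
        with open(readable, "wb") as f:
            f.write(b"hello")
        missing = os.path.join(top, "nope.txt")
        locked = os.path.join(top, "private")
        os.mkdir(locked)
        hidden = os.path.join(locked, "secret.txt")
        with open(hidden, "wb") as f:
            f.write(b"secret")
        os.chmod(locked, 0)  # no r/w/x on the directory: names inside cannot be probed
        try:
            cases = (("readable", readable), ("missing", missing), ("hidden", hidden))
            return {name: (leaky_read(p), uniform_read(p)) for name, p in cases}
        finally:
            os.chmod(locked, stat.S_IRWXU)  # restore so the temporary tree can be removed
```

With the hardened reader a caller sees the same `("unavailable", None)` for `nope.txt` and for `private/secret.txt`; with the naive one the error strings differ and the existence of the protected file leaks.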