Re: if file exist - Larry Kilgallen

comp.lang.ada
 help / color / mirror / Atom feed

From: Kilgallen@SpamCop.net (Larry Kilgallen)
Subject: Re: if file exist
Date: 13 Oct 2002 11:05:53 -0600
Date: 2002-10-13T11:05:53-06:00	[thread overview]
Message-ID: <9WZ5dN1lmUZv@eisner.encompasserve.org> (raw)
In-Reply-To: g99o9.6469$k_2.489840@bgtnsc05-news.ops.worldnet.att.net

In article <g99o9.6469$k_2.489840@bgtnsc05-news.ops.worldnet.att.net>, "David Thompson" <david.thompson1@worldnet.att.net> writes:
> Mark Biggar <mark.a.biggar@attbi.com> wrote :
>> steve_H wrote:
> ...
>> > But the above is not logical. If your function return FALSE, then one
>> > does not know if this means the file actually does not exist, or that
>> > the function was not able to determine if it exist or not becuase of
>> > permission issues.  The user might want to know this.
>>
>> No, from a computer security point of view, this is exactly what is
>> wanted.  A user should see absolutely no difference between "file does
>> not exist" and "you don't have permission to see the file".  Otherwise,
>> you have introduced a covert information channel.
>>
> First this only matters if you want/need nondiscretionary controls.

Non-discretionary controls, known as MAC for Mandatory Access Controls,
are when the direct data owner (e.g., file owner) does not have full
rights to control protection, for instance no right to disclose.

The inability to tell whether an inaccessible file exists is _NOT_
restricted to MAC situations.  Under DAC (Dicretionary Access Controls)
the data owner may very well wish to restrict knowledge of file existence.
Whether the desire for non-disclosure comes from the data owner or some
higher authority has nothing to do with what characteristics are required
in order to avoid disclosing the presence of a file.

next prev parent reply	other threads:[~2002-10-13 17:05 UTC|newest]

Thread overview: 34+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
     [not found] <mailman.1032687678.1150.comp.lang.ada@ada.eu.org>
2002-09-22  9:58 ` if file exist Preben Randhol
2002-09-22 19:25   ` Keith Thompson
2002-09-22 11:26 ` Dale Stanbrough
2002-09-22 14:45   ` Simon Wright
2002-09-22 17:24     ` Frank J. Lhota
2002-09-22 19:24     ` Keith Thompson
2002-09-22 22:20     ` Dale Stanbrough
2002-09-23  5:14       ` Simon Wright
2002-09-23 12:38         ` Larry Kilgallen
2002-09-26  0:39           ` Nick Roberts
2002-09-26 16:48             ` Warren W. Gay VE3WWG
2002-09-26 22:14               ` Robert A Duff
2002-09-27 10:47                 ` steve_H
2002-09-27 14:01                   ` Robert A Duff
2002-09-27 18:43                   ` Randy Brukardt
2002-09-28  1:17                     ` Keith Thompson
2002-09-28 13:04                       ` Marin David Condic
2002-09-29  4:50                         ` Keith Thompson
2002-09-29  5:13                           ` Christopher Browne
2002-09-27 21:59                   ` Mark Biggar
2002-09-27 23:09                     ` Larry Kilgallen
2002-10-04 20:56                     ` Stefan Skoglund
2002-10-05 13:59                       ` Robert A Duff
2002-10-06 20:35                         ` Keith Thompson
2002-10-07  0:34                       ` Robert A Duff
2002-10-07  5:42                     ` David Thompson
2002-10-13 17:05                       ` Larry Kilgallen [this message]
2002-10-21  2:17                         ` David Thompson
2002-09-22 11:55 ` Per Sandbergs
2002-09-22 22:29 ` SteveD
2002-09-23  1:53   ` if_file_exist : it's working thankyou all! Dominic D'Apice
2002-09-23  5:25     ` Simon Wright
2002-09-23 23:59       ` Dominic D'Apice
2002-09-25 19:13         ` Simon Wright

replies disabled

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox