From mboxrd@z Thu Jan  1 00:00:00 1970
X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on polar.synack.me
X-Spam-Level: 
X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,LOTS_OF_MONEY
	autolearn=ham autolearn_force=no version=3.4.4
X-Google-Language: ENGLISH,ASCII-7-bit
X-Google-Thread: 103376,6482d0ae6dcb1b4c
X-Google-Attributes: gid103376,public
X-Google-ArrivalTime: 2002-10-13 09:05:55 PST
Path: 
 archiver1.google.com!news1.google.com!newsfeed.stanford.edu!news-spur1.maxwell.syr.edu!news.maxwell.syr.edu!iad-peer.news.verio.net!news.verio.net!newsfeed.cwix.com!news.binc.net!kilgallen
From: Kilgallen@SpamCop.net (Larry Kilgallen)
Newsgroups: comp.lang.ada
Subject: Re: if file exist
Date: 13 Oct 2002 11:05:53 -0600
Organization: LJK Software
Message-ID: <9WZ5dN1lmUZv@eisner.encompasserve.org>
References: <mailman.1032687678.1150.comp.lang.ada@ada.eu.org>
 <dale-93E17F.21255422092002@mec2.bigpond.net.au>
 <x7vd6r6rskf.fsf@pushface.org>
 <dale-E40317.08192523092002@mec2.bigpond.net.au>
 <x7vy99twam9.fsf@pushface.org> <mv2OjUUhp2Hh@eisner.encompasserve.org>
 <3d9245da.259420486@news.cis.dfn.de> <3D933A6B.5000105@cogeco.ca>
 <wccadm41jqs.fsf@shell01.TheWorld.com>
 <8db3d6c8.0209270247.5bf07ae5@posting.google.com>
 <3D94D418.5010604@attbi.com>
 <g99o9.6469$k_2.489840@bgtnsc05-news.ops.worldnet.att.net>
NNTP-Posting-Host: eisner.encompasserve.org
X-Trace: grandcanyon.binc.net 1034523326 6656 192.135.80.34 (13 Oct 2002
 15:35:26 GMT)
X-Complaints-To: abuse@binc.net
NNTP-Posting-Date: Sun, 13 Oct 2002 15:35:26 +0000 (UTC)
Xref: archiver1.google.com comp.lang.ada:29744
Date: 2002-10-13T11:05:53-06:00
List-Id: <comp.lang.ada>

In article <g99o9.6469$k_2.489840@bgtnsc05-news.ops.worldnet.att.net>, "David Thompson" <david.thompson1@worldnet.att.net> writes:
> Mark Biggar <mark.a.biggar@attbi.com> wrote :
>> steve_H wrote:
> ...
>> > But the above is not logical. If your function return FALSE, then one
>> > does not know if this means the file actually does not exist, or that
>> > the function was not able to determine if it exist or not becuase of
>> > permission issues.  The user might want to know this.
>>
>> No, from a computer security point of view, this is exactly what is
>> wanted.  A user should see absolutely no difference between "file does
>> not exist" and "you don't have permission to see the file".  Otherwise,
>> you have introduced a covert information channel.
>>
> First this only matters if you want/need nondiscretionary controls.

Non-discretionary controls, known as MAC for Mandatory Access Controls,
are when the direct data owner (e.g., file owner) does not have full
rights to control protection, for instance no right to disclose.

The inability to tell whether an inaccessible file exists is _NOT_
restricted to MAC situations.  Under DAC (Dicretionary Access Controls)
the data owner may very well wish to restrict knowledge of file existence.
Whether the desire for non-disclosure comes from the data owner or some
higher authority has nothing to do with what characteristics are required
in order to avoid disclosing the presence of a file.