From mboxrd@z Thu Jan  1 00:00:00 1970
X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on polar.synack.me
X-Spam-Level: 
X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00 autolearn=ham
	autolearn_force=no version=3.4.4
X-Google-Language: ENGLISH,ASCII-7-bit
X-Google-Thread: 103376,6482d0ae6dcb1b4c
X-Google-Attributes: gid103376,public
X-Google-ArrivalTime: 2002-10-06 22:42:36 PST
Path: 
 archiver1.google.com!news1.google.com!newsfeed.stanford.edu!bloom-beacon.mit.edu!nycmny1-snh1.gtei.net!washdc3-snf1!news.gtei.net!cyclone1.gnilink.net!wn11feed!worldnet.att.net!bgtnsc05-news.ops.worldnet.att.net.POSTED!not-for-mail
From: "David Thompson" <david.thompson1@worldnet.att.net>
Newsgroups: comp.lang.ada
References: <mailman.1032687678.1150.comp.lang.ada@ada.eu.org>
 <dale-93E17F.21255422092002@mec2.bigpond.net.au>
 <x7vd6r6rskf.fsf@pushface.org>
 <dale-E40317.08192523092002@mec2.bigpond.net.au>
 <x7vy99twam9.fsf@pushface.org> <mv2OjUUhp2Hh@eisner.encompasserve.org>
 <3d9245da.259420486@news.cis.dfn.de> <3D933A6B.5000105@cogeco.ca>
 <wccadm41jqs.fsf@shell01.TheWorld.com>
 <8db3d6c8.0209270247.5bf07ae5@posting.google.com>
 <3D94D418.5010604@attbi.com>
Subject: Re: if file exist
X-Priority: 3
X-MSMail-Priority: Normal
X-Newsreader: Microsoft Outlook Express 5.00.2615.200
X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2615.200
Message-ID: <g99o9.6469$k_2.489840@bgtnsc05-news.ops.worldnet.att.net>
Date: Mon, 07 Oct 2002 05:42:36 GMT
NNTP-Posting-Host: 12.89.95.207
X-Complaints-To: abuse@worldnet.att.net
X-Trace: bgtnsc05-news.ops.worldnet.att.net 1033969356 12.89.95.207 (Mon,
 07 Oct 2002 05:42:36 GMT)
NNTP-Posting-Date: Mon, 07 Oct 2002 05:42:36 GMT
Organization: AT&T Worldnet
Xref: archiver1.google.com comp.lang.ada:29551
Date: 2002-10-07T05:42:36+00:00
List-Id: <comp.lang.ada>

Mark Biggar <mark.a.biggar@attbi.com> wrote :
> steve_H wrote:
...
> > But the above is not logical. If your function return FALSE, then one
> > does not know if this means the file actually does not exist, or that
> > the function was not able to determine if it exist or not becuase of
> > permission issues.  The user might want to know this.
>
> No, from a computer security point of view, this is exactly what is
> wanted.  A user should see absolutely no difference between "file does
> not exist" and "you don't have permission to see the file".  Otherwise,
> you have introduced a covert information channel.
>
First this only matters if you want/need nondiscretionary controls.
Second it is OK if the third state is not specifically 'file exists but
you don't have access' but rather 'I won't say if the file exists'* --
as in Multics' most-frequent and perhaps most-annoying error
code/message "Insufficient access to return any information".

* assuming there isn't an observable timing difference either

--
- David.Thompson 1 now at worldnet.att.net