comp.lang.ada
From: Robert A Duff <bobduff@shell01.TheWorld.com>
Subject: Re: if file exist
Date: Mon, 7 Oct 2002 00:34:40 GMT
Message-ID: <wccsmzjytlr.fsf@shell01.TheWorld.com>
In-Reply-To: 3D9E0091.18314F2E@ebox.tninet.se

Keith Thompson <kst@cts.com> writes:

> Robert A Duff <bobduff@shell01.TheWorld.com> writes:
> [...]
> > I'm not sure what the second command is attempting to do, but I'm pretty
> > sure that on Unix systems, if you have no access to directory "dir"
> > (i.e., rwx bits all zero), then you can't find out whether a given file
> > name exists in dir.  E.g., "ls dir/exists" and "ls dir/not-exists" will
> > both produce the same error message, even though exists exists and
> > not-exists does not.  Attempting to run a directory as a command will
> > cause an error, too, so I don't see how the second command causes a
> > security flaw.  Please explain the 'ls `dirname filename`'.
> 
> I think you missed the backticks and/or the fact that "dirname" is a
> Unix command that prints a given filename with the trailing component
> removed.

I missed the fact that "dirname" was the dirname command.
I thought it meant "the name of some directory".

I still don't see how this introduces a security hole.
The dirname command just works on a string -- it doesn't care whether
the given file and directory names exist.  And 'ls' won't tell you
whether the file exists either.

(The security hole in question is when I have a private directory foo,
can outsiders find out the name(s) of my files in foo.)

- Bob
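
The behaviour discussed in the message above, as an added shell example that is not part of the original post: dirname answers from the string alone, and a directory with all permission bits cleared gives the same failure for a name that exists and one that does not. The function names and the temporary directory are constructed for illustration; mode 000 locks out even the owner, who stands in for the outsider here, and root bypasses permission bits, so run it as an unprivileged user.

```sh
#!/bin/sh
# Constructed demo; the temporary layout and function names are assumptions.

# dirname only edits the string: it answers the same way whether or not
# the path exists, so it reveals nothing about the file system.
dirname_of_missing() {
    dirname /no/such/dir/secret.txt
}

# Report "visible" if the path can be examined, "hidden" otherwise.
# ls fails both for "no such file" and for "permission denied".
probe() {
    if ls -d -- "$1" >/dev/null 2>&1; then
        echo visible
    else
        echo hidden
    fi
}

# Build foo/ with one file, clear all permission bits on foo, then probe
# a name that exists and a name that does not. Prints the two results.
demo_private_dir() {
    base=$(mktemp -d) || return 1
    mkdir "$base/foo" || return 1
    : > "$base/foo/exists"
    chmod 000 "$base/foo"
    present=$(probe "$base/foo/exists")
    absent=$(probe "$base/foo/not-exists")
    chmod 700 "$base/foo"      # restore access so cleanup can succeed
    rm -rf "$base"
    echo "$present $absent"
}

echo "dirname of a missing path: $(dirname_of_missing)"
echo "foo/exists foo/not-exists: $(demo_private_dir)"
```

For an unprivileged user the last line reports "hidden hidden": the two probes cannot be told apart.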


