From: Robert A Duff
Newsgroups: comp.lang.ada
Subject: Re: if file exist
Date: Mon, 7 Oct 2002 00:34:40 GMT

Keith Thompson writes:

> Robert A Duff writes:
> [...]
> > I'm not sure what the second command is attempting to do, but I'm pretty
> > sure that on Unix systems, if you have no access to directory "dir"
> > (i.e., rwx bits all zero), then you can't find out whether a given file
> > name exists in dir. E.g., "ls dir/exists" and "ls dir/not-exists" will
> > both produce the same error message, even though exists exists and
> > not-exists does not. Attempting to run a directory as a command will
> > cause an error, too, so I don't see how the second command causes a
> > security flaw. Please explain the 'ls `dirname filename`'.
>
> I think you missed the backticks and/or the fact that "dirname" is a
> Unix command that prints a given filename with the trailing component
> removed.

I missed the fact that "dirname" was the dirname command. I thought it meant "the name of some directory".

I still don't see how this introduces a security hole. The dirname command just works on a string -- it doesn't care whether the given file and directory names exist. And 'ls' won't tell you whether the file exists either. (The security hole in question is when I have a private directory foo, can outsiders find out the name(s) of my files in foo.)

- Bob
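Added example (not part of the original post): a shell check of the permission behaviour described above, using constructed directory and file names. It goes one step beyond the thread's rwx-all-zero case and also probes an execute-only directory, where names cannot be listed but a known name can still be tested for existence.

```shell
#!/bin/sh
# Added illustration; "dir", "exists" and "not-exists" are constructed names.
# Note: root bypasses permission bits, so run this as an ordinary user.

# try NAME: run ls on dir/NAME and print its message plus exit status,
# with the file name blanked so only the error text is compared.
try() {
    out=$(LC_ALL=C ls "dir/$1" 2>&1) && rc=0 || rc=$?
    printf '%s rc=%s\n' "$out" "$rc" | sed 's|dir/[a-z-]*|NAME|'
}

# probe MODE: create a scratch directory holding one file, set the
# directory's permission bits to MODE, then ask ls about one name that
# exists and one that does not. Prints "hidden" when the two answers are
# indistinguishable and "leaks" when they differ.
probe() {
    base=$(mktemp -d) || return 1
    mkdir "$base/dir" && : > "$base/dir/exists" || return 1
    chmod "$1" "$base/dir"

    a=$(cd "$base" && try exists)
    b=$(cd "$base" && try not-exists)

    # Restore access so the scratch tree can be removed.
    chmod 700 "$base/dir" && rm -rf "$base"

    if [ "$a" = "$b" ]; then echo hidden; else echo leaks; fi
}

# rwx all zero: both lookups fail with the same "Permission denied".
echo "mode 000: $(probe 000)"

# Search (x) only: listing is refused, but looking up a specific name
# succeeds or fails depending on whether that name exists.
echo "mode 100: $(probe 100)"

# dirname only edits the string; it answers for a path that does not exist.
echo "dirname:  $(dirname /constructed/no-such-dir/secret.txt)"
```

The script runs as the directory's owner, so the owner bits stand in for whatever bits would apply to an outsider on a real system.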