Security Basics mailing list archives

RE: Basic Security question about directory path
From: "Samuel R. Baskinger" <sbaskinger () lumeta com>
Date: Fri, 29 Jul 2005 14:39:48 -0400

Every system I know of has dir1 --x--x--x, dir2 as --x--x--x and the
file as r--r--r--. I seem to remember some implementations which
wouldn't let you read a file if you couldn't read a directory's
contents, the logic being that someone could launch an inference attack
of some sort. 

Go fig. :)

Sam 

-----Original Message-----
From: John Earl [mailto:john.earl () powertech com] 
Sent: Wednesday, July 27, 2005 9:12 PM
To: security-basics () lists securityfocus com
Subject: Basic Security question about directory path


This seems like a very basic security question, and I _believe_ I
already know the answer, but I am in a debate with a large software
company about what is the correct security requirement for a path
prefix, so I'm looking for second opinions...

The question is this;  In a standard Unix (or POSIX really) setup, what
authority does a user require to traverse a directory path in order to
read a file from a subdirectory?

For example, if user "FRED" wishes to read file "myfile"
from location "/dir1/dir2/" (so that the full path name is
"/dir1/dir2/myfile"), should user "FRED" need just "x" access to the
root and "dir1" or should user FRED need "rx" access to the root and
"dir1".  The goal is both to read the contents of "myfile", but also to
give the user the lowest amount of authority necessary to complete the
task.

Any insight you have on this would be greatly appreciated.

Thank You,


jte


--
John Earl 
The PowerTech Group
Seattle, WA 
www.powertech.com 
 

 
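Added example (not part of either message above): the thread's scenario evaluated against plain POSIX mode bits, showing that --x on each directory plus r-- on the file is enough to read it but not to list the directories. The helper names, the temporary tree and the stand-in uid for FRED are assumptions of this example; ACLs and superuser overrides are ignored.

```python
import os, shutil, tempfile

def class_bits(st, uid, gids):
    """rwx triplet (0-7) that applies to uid: owner class, else group, else other."""
    if st.st_uid == uid:
        return (st.st_mode >> 6) & 7
    if st.st_gid in gids:
        return (st.st_mode >> 3) & 7
    return st.st_mode & 7

def can_read(root, parts, uid, gids):
    """Mode bits only (no ACLs, no superuser override).
    Needs x (search) on root and every directory in parts, r on the final file."""
    cur = root
    for name in parts:
        if not class_bits(os.stat(cur), uid, gids) & 1:
            return False, "no x on " + cur
        cur = os.path.join(cur, name)
    if not class_bits(os.stat(cur), uid, gids) & 4:
        return False, "no r on " + cur
    return True, "ok"

def can_list(directory, uid, gids):
    """Listing the names in a directory needs r on that directory."""
    return bool(class_bits(os.stat(directory), uid, gids) & 4)

def build_demo():
    """Constructed tree: root/dir1/dir2 are --x--x--x, myfile is r--r--r--."""
    root = tempfile.mkdtemp()
    dir1 = os.path.join(root, "dir1")
    dir2 = os.path.join(dir1, "dir2")
    os.makedirs(dir2)
    path = os.path.join(dir2, "myfile")
    with open(path, "w") as fh:
        fh.write("hello\n")
    os.chmod(path, 0o444)
    for d in (dir2, dir1, root):
        os.chmod(d, 0o111)
    return root

def cleanup(root):
    for d in (root, os.path.join(root, "dir1"), os.path.join(root, "dir1", "dir2")):
        os.chmod(d, 0o700)  # restore access top-down so the tree can be deleted
    shutil.rmtree(root)

if __name__ == "__main__":
    root = build_demo()
    fred = os.getuid() + 1  # hypothetical uid that owns nothing in the tree
    print(can_read(root, ["dir1", "dir2", "myfile"], fred, set()))
    print(can_list(os.path.join(root, "dir1"), fred, set()))
    cleanup(root)
```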

