file access

[Guy Harris]

<go away, bug!>

	It seems to me that there should be some way to make it such that
	a user program could not read a 'directory file', that his program
	would use a 'system call' to read the 'next' entry in this directory
	file if the protection permitted, it seems this would make the file
	system in general more secure, or did I miss something? Oh, yes,
	I am aware, that if this was ever done, the 'world' would break, but
	that's a small price to pay for security, or is it?

First, what do you mean by "secure"?  Secure in the sense of "secure against
crashes trashing things", or secure in the sense of "secure against protection
violations"?  If the former, reading a directory doesn't write to the disk
(except for setting the directory file's access time which should happen even
in your scheme) so this change contributes nothing.  If the latter, UNIX
already can protect the directory as a whole against reading; just turn off
the appropriate "r" bit.  If you meant protecting specific directory entries,
what bit would indicate whether the user would be allowed to read that entry
or not?

For that matter, what security holes are created by permitting the user to
read directory entries?

	Guy Harris
	{seismo,ihnp4,allegra}!rlgvax!guy