On Mon, 2006-01-02 at 14:06 -0500, schaufler-ca.com - Casey Schaufler wrote:
> Casey takes a deep breath...
>
> The filename is not an attribute of the file.
> The pathname components are data contained
> in directory entries. The association of path name
> to inode number is one way. There is no association
> of path name from file. Really. This is the thing
> that makes audit hard.
>
> Yes, I know "It's obvious". It's just not true.

The world is ending because I agree with Casey on this one...

The filename is not an attribute of the file, and we do not want this type of filtering on directory reads. Use the permissions on the directory itself to control who can see the names it contains. It is the data container for the filenames. Use polyinstantiation aka Multi-Level Directories aka moldy directories for shared directories like /tmp.

--
Stephen Smalley
National Security Agency
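The point made in the message above, as an added example that is not part of the original post: one inode reached through two directory entries, and a directory mode that hides the names while still allowing lookup of a known name. The directory and file names are constructed for illustration, and the sketch assumes a POSIX filesystem that supports hard links.

```python
import os
import tempfile


def demo():
    """Show names as directory data, using constructed scratch files."""
    with tempfile.TemporaryDirectory() as root:
        d1 = os.path.join(root, "public")    # hypothetical directory names
        d2 = os.path.join(root, "private")
        os.mkdir(d1)
        os.mkdir(d2)

        # One file, two names: each name is only a directory entry -> inode number.
        a = os.path.join(d1, "report.txt")
        b = os.path.join(d2, "secret-name.txt")
        with open(a, "w") as f:
            f.write("same data\n")
        os.link(a, b)

        sa, sb = os.stat(a), os.stat(b)
        same_inode = (sa.st_dev, sa.st_ino) == (sb.st_dev, sb.st_ino)
        # The inode records how many names point at it, not what they are.
        link_count = sa.st_nlink

        # Removing one name leaves the file intact under the other.
        os.unlink(a)
        with open(b) as f:
            survives = f.read() == "same data\n"

        # Directory mode decides who may read the names: keep search (x), drop read (r).
        os.chmod(d2, 0o300)
        try:
            if os.geteuid() == 0:
                listing_denied = None        # root bypasses DAC checks
            else:
                try:
                    os.listdir(d2)
                    listing_denied = False
                except PermissionError:
                    listing_denied = True
            # A name already known still resolves, because search permission remains.
            known_name_ok = os.path.exists(b)
        finally:
            os.chmod(d2, 0o700)              # restore so cleanup can proceed
    return same_inode, link_count, survives, listing_denied, known_name_ok


if __name__ == "__main__":
    print(demo())
```
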