Path: utzoo!utgpu!jarvis.csri.toronto.edu!mailrus!cs.utexas.edu!rutgers!soleil!slopoke.semi.harris-atd.com!thrush!del
From: del@thrush.semi.harris-atd.com (Don Lewis)
Newsgroups: comp.unix.wizards
Subject: Re: What new system calls do you want in BSD?
Message-ID: <1990Feb9.025853.8202@semi.harris-atd.com>
Date: 9 Feb 90 02:58:53 GMT
References: <12157@stealth.acf.nyu.edu> <1990Jan24.193433.3332@semi.harris-atd.com> <23449@stealth.acf.nyu.edu> <1990Feb8.080645.4458@semi.harris-atd.com> <5068.16:48:52@stealth.acf.nyu.edu>
Sender: news@semi.harris-atd.com
Distribution: usa
Organization: Harris Semiconductor, Melbourne, FL
Lines: 23

In article <5068.16:48:52@stealth.acf.nyu.edu> brnstnd@stealth.acf.nyu.edu (Dan Bernstein) writes:
>In article <1990Feb8.080645.4458@semi.harris-atd.com> del@thrush.semi.harris-atd.com (Don Lewis) writes:
>> In article <23449@stealth.acf.nyu.edu> brnstnd@stealth.acf.nyu.edu (Dan Bernstein) writes:
>> >In article <1990Jan24.193433.3332@semi.harris-atd.com> del@thrush.semi.harris-atd.com (Don Lewis) writes:
>> >> open(file,O_PEEK)
>> >This could be a flag on any open, meaning simply ``update ctime rather
>> >than atime or mtime.'' Crackers already know about utimes(); perhaps an
>> >O_PEEK flag would educate inexperienced sysadmins.
>> I don't want it to update the ctime either.
>
>That would be a security violation.

In what way? The only information that I lose is that I can't tell
if someone has been looking at my files. If I cared then I would
make them something other than rw-r--r--. Even in the present scheme,
if I read my file after the "cracker" has, then I can't tell if it
was previously read. If the filesystem is mounted read-only, the
atime doesn't get updated, is this a security violation?
--
Don "Truck" Lewis                      Harris Semiconductor
Internet:  del@semi.harris-atd.com     PO Box 883   MS 62A-028
UUCP:      rutgers!soleil!thrush!del   Melbourne, FL  32901
Phone:     (407) 729-5205
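
Added example, not part of the original post or thread: it measures the timestamp behaviour the thread argues about, showing that putting atime and mtime back after a read (the utimes() approach named in the quoted text) is itself recorded in ctime, which is the record an O_PEEK that also skipped ctime would give up. Assumptions: a POSIX system, futimens() used as the nanosecond successor to utimes(), a constructed scratch file under /tmp, and hypothetical names `peek_result` and `peek_and_restore`.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <time.h>
#include <unistd.h>

struct peek_result {
    int atime_moved_by_read; /* 0 on noatime or read-only mounts */
    int times_restored;      /* atime and mtime back at pre-read values */
    int ctime_advanced;      /* trace left by the restore itself */
};

/* <0, 0, >0 as a is earlier than, equal to, later than b */
static int ts_cmp(struct timespec a, struct timespec b) {
    if (a.tv_sec != b.tv_sec) return a.tv_sec < b.tv_sec ? -1 : 1;
    return (a.tv_nsec > b.tv_nsec) - (a.tv_nsec < b.tv_nsec);
}

/* Hypothetical helper: read a scratch file, then put atime/mtime back.
 * Returns 0 on success, -1 if any system call fails. */
int peek_and_restore(struct peek_result *r) {
    char path[] = "/tmp/peek_demo_XXXXXX";     /* constructed scratch file */
    struct timespec pause = { 1, 100000000L }; /* 1.1 s, above a 1 s timestamp grain */
    struct timespec old[2];
    struct stat before, seen, after;
    char buf[16];
    int rc = -1, fd = mkstemp(path);
    if (fd < 0) return -1;
    if (write(fd, "private\n", 8) == 8 && fstat(fd, &before) == 0) {
        old[0] = before.st_atim;               /* access time to restore */
        old[1] = before.st_mtim;               /* modification time to restore */
        nanosleep(&pause, NULL);
        if (pread(fd, buf, sizeof buf, 0) > 0 && fstat(fd, &seen) == 0 &&
            futimens(fd, old) == 0 && fstat(fd, &after) == 0) {
            r->atime_moved_by_read = ts_cmp(seen.st_atim, before.st_atim) > 0;
            r->times_restored = ts_cmp(after.st_atim, before.st_atim) == 0 &&
                                ts_cmp(after.st_mtim, before.st_mtim) == 0;
            r->ctime_advanced = ts_cmp(after.st_ctim, before.st_ctim) > 0;
            rc = 0;
        }
    }
    close(fd);
    unlink(path);
    return rc;
}

int main(void) {
    struct peek_result r;
    if (peek_and_restore(&r) != 0) return 1;
    printf("read moved atime=%d restored=%d ctime advanced=%d\n",
           r.atime_moved_by_read, r.times_restored, r.ctime_advanced);
    return 0;
}
```

`atime_moved_by_read` depends on mount options and comes back 0 on noatime or read-only filesystems, the case raised at the end of the post; the other two fields do not depend on them.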