Determining Directory Rights w/o Exception Handling

[jehuga...@gmail.com]

Hello:

My executable can't call Directory.GetAccessControl on a directory it
doesn't have rights to (System Volume Information). That blows my
mind! Is there a way to find out whether I have rights without
handling an exception?

Thanks,
Travis

P.S. - This is just me playing around and being curious.

[Wilson, Phil]

I don't know the specific answer, but I believe there's a general security
rule that you shouldn't be able to infer too much from the result of an API
call. If you ask about the existence of a file that you can't access you're
supposed to get an answer "there is no file" rather than the answer "the
file exists but you don't have access". In other words you shouldn't be
able to write a program that keeps looking for files like "payroll" until
you get a "no access" result because that tells you that such a file exists.
Now you can attack it..! So this might be an application of that general
principle.
--
Phil Wilson
The Definitive Guide to Windows Installer
http://www.apress.com/book/view/1590592972

<jehuga...@gmail.com> wrote in message
news:35819941-0daf-4e90...@m3g2000yqf.googlegroups.com...

[Jeff Johnson]

<jehuga...@gmail.com> wrote in message
news:35819941-0daf-4e90...@m3g2000yqf.googlegroups.com...

> My executable can't call Directory.GetAccessControl on a directory it

> doesn't have rights to (System Volume Information). That blows my
> mind! Is there a way to find out whether I have rights without
> handling an exception?

Exceptions are just information. Use that information to your advantage
instead of trying to avoid it.

[Peter Duniho]

Well, to be fair: the cost of an exception could be significant if the
code is trying to examine a large number of directories in a short
period of time. If there were an alternative, it might be worth looking
into.

However, as Phil points out, not being able to get information about a
directory the code doesn't have access rights for is a security feature,
and a potentially important one at that.

Pete

[jehuga...@gmail.com]

On Dec 14, 5:16 pm, Peter Duniho <no.peted.s...@no.nwlink.spam.com>
wrote:
> Jeff Johnson wrote:
> > <jehugalea...@gmail.com> wrote in message

Well, here is a dumb question: When I say Directory.GetDirectories, it
will return System Volume Information. If I can see that it is in my
directory, why shouldn't I be able to get access information for it?

[Peter Duniho]

jehuga...@gmail.com wrote:
> Well, here is a dumb question: When I say Directory.GetDirectories, it
> will return System Volume Information. If I can see that it is in my
> directory, why shouldn't I be able to get access information for it?

It just depends on the access settings. If someone has set the access
settings to prohibit the retrieval of access settings for a specific
process, that process can't get the access settings.

Sometimes the information of who _is_ allowed to access a given file is
in and of itself sensitive information. Even the information of who
else is not allowed could be, in fact.

If you feel that there's no good reason for users without actual access
to the file to be restricted from looking at the access settings, you
could ask the admin to change the settings for that file, to allow
unrestricted access to the access settings.

Pete

[jehuga...@gmail.com]

On Dec 14, 5:42 pm, Peter Duniho <no.peted.s...@no.nwlink.spam.com>
wrote:

Hmm. Like I said, it is purely academic. I was playing around with F#
today, trying to make a simple recursive file navigator. I was hoping
for an elegant way of navigating directories, without using the built
in GetFiles methods, obviously. Thanks all!

[Arne Vajhøj]

Exceptions are great, but should only be used for exceptional
situations not for an expected situation.

Not so much for performance but for clarity in code.

Whether the specific case is an exceptional or expected
situation I will leave to the original poster.

Arne