On 05.10.2017 19:12, Daniel Shahaf wrote: > Branko Čibej wrote on Thu, 05 Oct 2017 18:44 +0200: >> On 05.10.2017 16:46, Julian Foad wrote: >>> Calculation of a directory's hash would have to happen for each >>> directory where the user has mixed access to the immediate children, >>> and for all parents of such a directory up to the root. >> And /that/ is the painful part: the fact that you need a depth-first >> traversal of the tree in order to calculate the hash for the root >> directory. And the reason why we're not exposing the directory hash, >> even if the FS stores it. > What if we only returned a checksum for nodes to which the user had full > recursive access? E.g., with "[/A/B] *=", the caller would be able to > retrieve > checksums for /A/C, /A/D, /A/mu, and /A's property hash, and for descendants > of the first two, but that's it.
That would leak permission settings. A user would know that she only sees a partial directory merely by checking for the presence of the directory checksum. -- Brane
