ETag leaking inode info

[Robin Wood <robin () digininja org>]

I've had both Nikto and Nessus recently report Apache ETags leaking
inode information for example in the Nikto output below:

<description><![CDATA[Server leaks inodes via ETags, header found with
file /icons/README, inode: 491605, size: 4872, mtime:
0xbd8ce4c0]]></description>

I understand that knowing the size and access time is a bit of info
leakage but the stress is on the inode, can anyone explain why this is
so bad? What can an attacker how knows an inode value do with it? I'd
have thought if they had enough access to a machine to be accessing at
the inode level then they would have full file system access anyway.

Robin
_______________________________________________
Pauldotcom mailing list
Pauldotcom () mail pauldotcom com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com