Vulnerability Development mailing list archives

Previous By Date Next
Previous By Thread Next

Re: spying (deleted) file entries in other users' directories

From: bad bob <sfmc68 () bellatlantic net>
Date: Sat, 22 Jun 2002 21:36:21 -0400
FozZy,
I am sorry, but I might be misunderstanging what you are saying.
If you change the filepermission in unix/linux, to readable by world,
yeah, they can see file names and the files.  BUt you seem to be
talking about changing the permissions at the directory level, 
and not the file level (admittedly, yse, directory is a file).

I don't understand about the deleted files that you mention as being
readable, after they are deleted.  While you can say this is not a 
new vulnerability, if this really is how things aer working today,
then this is a re-occurance of an old and known vulnerabiliity that
was fixed at least at one time.

I am going to have to spend some time testing this to see if it is
repeatable with file level permissions and directory level - and
deleted files.  If it is, this is a problem on at least small systems
and maybe on large ones too.

thanks!!
bob
Previous By Date Next
Previous By Thread Next

Current thread: