Vulnerability Development mailing list archives
Re: spying (deleted) file entries in other users' directories
From: "D.C. van Moolenbroek" <xanadu () chello nl>
Date: Mon, 24 Jun 2002 11:47:16 +0200
Hi there,
I saw this for the first time 3 years ago on a SunOS system while doing
"cat /root" as a user. I don't know if current Sun systems are patched or not. Solaris 8 is vulnerable at least, the scenario you attached works on Solaris 8 exactly the same way...don't know about Solaris 9. On a sidenote, IRIX is not vulnerable. $ uname -svr SunOS 5.8 Generic_108528-14 Note that on my system, reading doesn't work on /tmp ("input error: Invalid argument"); it seems to work on all other directories though. Generally I suppose it's a bad idea to put something sensitive in a filename, but what do the other bytes represent, that show up in the hexdump? -David -- class sig{static void main(String[]s){for// D.C. van Moolenbroek (int _=0;19>_;System.out.print((char)(52^// (CS student, VU, NL) "Y`KbddaZ}`P#KJ#caBG".charAt(_++)-9)));}}// -Java sigs look bad-
Current thread:
- spying (deleted) file entries in other users' directories FozZy (Jun 22)
- Re: spying (deleted) file entries in other users' directories bad bob (Jun 22)
- Re: spying (deleted) file entries in other users' directories FozZy (Jun 23)
- Re: spying (deleted) file entries in other users' directories bad bob (Jun 23)
- Re: spying (deleted) file entries in other users' directories FozZy (Jun 23)
- Re: spying (deleted) file entries in other users' directories D.C. van Moolenbroek (Jun 24)
- Re: spying (deleted) file entries in other users' directories Valdis . Kletnieks (Jun 26)
- Re: spying (deleted) file entries in other users' directories Robert Bihlmeyer (Jun 26)
- RE: spying (deleted) file entries in other users' directories Maximiliano PĂ©rez (Jun 28)
- Re: spying (deleted) file entries in other users' directories bad bob (Jun 22)