Vulnerability Development mailing list archives
Re: spying (deleted) file entries in other users' directories
From: Robert Bihlmeyer <robbe () orcus priv at>
Date: Tue, 25 Jun 2002 11:18:11 +0200 (CEST)
D.C. van Moolenbroek writes:
> Generally I suppose it's a bad idea to put something sensitive in a filename,
Well, most file names have some relation to the content (and often, type). Like with traffic analysis, gaining knowledge of meta-data can give an attacker significant information. For those with poor paranoia and/or imagination, picture the Chinese government discovering a deleted falungong.htm (maybe you had saved <URL:http://www.religioustolerance.org/falungong.htm> before and later deleted it). My gov't would probably question you closely about a deleted mein_kampf.pdf, etc.

Usually government-level adversaries could just as well take the harddisk and get the content, too, but maybe they care about stealth and only have a uid nobody exploit to work with, or you did remember to wipe the content before deleting...

To sum it up: this is an information leak, it is (IMO) trivial to fix by making unlink nix out the filename, so it should be fixed.
> but what do the other bytes represent, that show up in the hexdump?
There has to be some space for the inode number, and maybe some flag bits (e.g. to mark deleted files).

-- Robbe
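The leak and the fix discussed in this message, as an added example that is not part of the original post: it assumes a simplified ext2-style directory record (inode, rec_len, name_len, file_type, name), since the thread does not name the filesystem, and all function names and the sample block are constructed for illustration. It shows a name surviving an ordinary unlink in the slack of the previous record, and the slack coming back clean once unlink zeroes the stale record.

```python
import struct
# Assumed ext2-style record: inode u32, rec_len u16, name_len u8, file_type u8, name
HDR = struct.Struct("<IHBB")
# Constructed sample directory contents: (inode, name)
SAMPLE = [(2, b"."), (2, b".."), (11, b"notes.txt"), (12, b"secret_plan.pdf"), (13, b"todo")]

def pad4(n): return (n + 3) & ~3  # records are 4-byte aligned

def build_block(entries, size=128):
    """Pack entries; the last record's rec_len absorbs the rest of the block."""
    block, off = bytearray(size), 0
    for i, (ino, name) in enumerate(entries):
        rec_len = size - off if i == len(entries) - 1 else pad4(HDR.size + len(name))
        HDR.pack_into(block, off, ino, rec_len, len(name), 1)
        block[off + HDR.size:off + HDR.size + len(name)] = name
        off += rec_len
    return block

def walk(block):
    """Yield (offset, rec_len, name) for each record on the live chain."""
    off = 0
    while off + HDR.size <= len(block):
        _, rec_len, nlen, _ = HDR.unpack_from(block, off)
        if rec_len < HDR.size:  # malformed record, stop instead of looping
            break
        yield off, rec_len, bytes(block[off + HDR.size:off + HDR.size + nlen])
        off += rec_len

def unlink(block, name, scrub=False):
    """Drop `name` by growing the previous record over it (first record not handled)."""
    chain = list(walk(block))
    for (p_off, p_len, _), (off, rec_len, n) in zip(chain, chain[1:]):
        if n == name:
            struct.pack_into("<H", block, p_off + 4, p_len + rec_len)
            if scrub:  # the fix proposed above; here the whole stale record is zeroed
                block[off:off + HDR.size + len(n)] = bytes(HDR.size + len(n))
            return True
    return False

def residual_names(block):
    """Names still readable in the slack behind live records."""
    found = []
    for off, rec_len, n in walk(block):
        pos, end = off + pad4(HDR.size + len(n)), off + rec_len
        while pos + HDR.size <= end and 0 < block[pos + 6] <= end - pos - HDR.size:
            nlen = block[pos + 6]
            found.append(bytes(block[pos + HDR.size:pos + HDR.size + nlen]))
            pos += pad4(HDR.size + nlen)
    return found
```

Running `residual_names` over directory blocks after a delete is a quick regression check that a filesystem's unlink path really clears the old name.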