Re: spying (deleted) file entries in other users' directories

From: bad bob (sfmc68at_private)
Date: Sat Jun 22 2002 - 18:36:21 PDT

  • Next message: Jedi/Sector One: "Re: Another flaw in Apache?"

    FozZy,
    I am sorry, but I might be misunderstanging what you are saying.
    If you change the filepermission in unix/linux, to readable by world,
    yeah, they can see file names and the files.  BUt you seem to be
    talking about changing the permissions at the directory level, 
    and not the file level (admittedly, yse, directory is a file).
    
    I don't understand about the deleted files that you mention as being
    readable, after they are deleted.  While you can say this is not a 
    new vulnerability, if this really is how things aer working today,
    then this is a re-occurance of an old and known vulnerabiliity that
    was fixed at least at one time.
    
    I am going to have to spend some time testing this to see if it is
    repeatable with file level permissions and directory level - and
    deleted files.  If it is, this is a problem on at least small systems
    and maybe on large ones too.
    
    thanks!!
    bob
    



    This archive was generated by hypermail 2b30 : Sat Jun 22 2002 - 22:21:13 PDT