Re: spying (deleted) file entries in other users' directories

From: bad bob (sfmc68at_private)
Date: Sat Jun 22 2002 - 18:36:21 PDT

Next message: Jedi/Sector One: "Re: Another flaw in Apache?"

Previous message: Michal Zalewski: "Re: Another flaw in Apache?"
In reply to: FozZy: "spying (deleted) file entries in other users' directories"
Next in thread: FozZy: "Re: spying (deleted) file entries in other users' directories"
Reply: FozZy: "Re: spying (deleted) file entries in other users' directories"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

FozZy,
I am sorry, but I might be misunderstanging what you are saying.
If you change the filepermission in unix/linux, to readable by world,
yeah, they can see file names and the files.  BUt you seem to be
talking about changing the permissions at the directory level, 
and not the file level (admittedly, yse, directory is a file).

I don't understand about the deleted files that you mention as being
readable, after they are deleted.  While you can say this is not a 
new vulnerability, if this really is how things aer working today,
then this is a re-occurance of an old and known vulnerabiliity that
was fixed at least at one time.

I am going to have to spend some time testing this to see if it is
repeatable with file level permissions and directory level - and
deleted files.  If it is, this is a problem on at least small systems
and maybe on large ones too.

thanks!!
bob

Next message: Jedi/Sector One: "Re: Another flaw in Apache?"
Previous message: Michal Zalewski: "Re: Another flaw in Apache?"
In reply to: FozZy: "spying (deleted) file entries in other users' directories"
Next in thread: FozZy: "Re: spying (deleted) file entries in other users' directories"
Reply: FozZy: "Re: spying (deleted) file entries in other users' directories"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Sat Jun 22 2002 - 22:21:13 PDT