Re: spying (deleted) file entries in other users' directories

From: FozZy (fozzyat_private)
Date: Sun Jun 23 2002 - 08:59:36 PDT

Next message: Filipe Almeida: "Re: Another flaw in Apache?"

Previous message: Alexander Yurchenko: "Re: Another flaw in Apache?"
In reply to: bad bob: "Re: spying (deleted) file entries in other users' directories"
Next in thread: bad bob: "Re: spying (deleted) file entries in other users' directories"
Reply: bad bob: "Re: spying (deleted) file entries in other users' directories"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Bob,

Maybe I was not very clear. I am not talking about reading contents of deleted files (what can be achieved, but only by the super-user), i am talking about an unpriviledged user reading the content of a world-readable *directory file* ("cat somedir") and thus being able to see the filenames contained into the directory (which is normal behavior) but also the names of the *deleted* files (very silly example of why it can be an issue: do you want everybody to know you uploaded XXX or warez stuff someday into your home directory ? ;)

FozZy

Next message: Filipe Almeida: "Re: Another flaw in Apache?"
Previous message: Alexander Yurchenko: "Re: Another flaw in Apache?"
In reply to: bad bob: "Re: spying (deleted) file entries in other users' directories"
Next in thread: bad bob: "Re: spying (deleted) file entries in other users' directories"
Reply: bad bob: "Re: spying (deleted) file entries in other users' directories"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Sun Jun 23 2002 - 09:04:53 PDT