Re: spying (deleted) file entries in other users' directories

From: FozZy (fozzyat_private)
Date: Sun Jun 23 2002 - 08:59:36 PDT

  • Next message: Filipe Almeida: "Re: Another flaw in Apache?"

    Bob,
    
    Maybe I was not very clear. I am not talking about reading contents of deleted files (what can be achieved, but only by the super-user), i am talking about an unpriviledged user reading the content of a world-readable *directory file* ("cat somedir") and thus being able to see the filenames contained into the directory (which is normal behavior) but also the names of the *deleted* files (very silly example of why it can be an issue: do you want everybody to know you uploaded XXX or warez stuff someday into your home directory ? ;)
    
    FozZy
    



    This archive was generated by hypermail 2b30 : Sun Jun 23 2002 - 09:04:53 PDT