D.C. van Moolenbroek writes: > Generally I suppose it's a bad idea to put something sensitive in a > filename, Well most file names have some relation to the content (and often, type). Like with traffic analysis, gaining knowledge of meta-data can give an attacker significant information. For those with poor paranoia and/or imagination, picture the Chinese goverment discovering a deleted falungong.htm (maybe you had saved <URL:http://www.religioustolerance.org/falungong.htm> before and later deleted it). My gov't would probably question you closely about a deleted mein_kampf.pdf, etc. Usually goverment-level adversaries could just as well take the harddisk and get the content, too, but maybe they care about stealth and only have a uid nobody exploit to work with, or you did remember to wipe the content before deleting... To sum it up: this is an information leak, it is (IMO) trivial to fix by making unlink nix out the filename, so it should be fixed. > but what do the other bytes represent, that show up in the hexdump? There has to be some space for the inode number, and maybe some flag bits (e.g. to mark deleted files). -- Robbe
This archive was generated by hypermail 2b30 : Wed Jun 26 2002 - 09:27:42 PDT