Re: spying (deleted) file entries in other users' directories

From: Robert Bihlmeyer (robbeat_private)
Date: Tue Jun 25 2002 - 02:18:11 PDT


    D.C. van Moolenbroek writes:
    
    > Generally I suppose it's a bad idea to put something sensitive in a
    > filename,
    
    Well most file names have some relation to the content (and often,
    type). Like with traffic analysis, gaining knowledge of meta-data can
    give an attacker significant information.
    
    For those with poor paranoia and/or imagination, picture the Chinese
    government discovering a deleted falungong.htm (maybe you had saved
    <URL:http://www.religioustolerance.org/falungong.htm> before and later
    deleted it). My gov't would probably question you closely about a
    deleted mein_kampf.pdf, etc.
    
    Usually government-level adversaries could just as well take the
    harddisk and get the content, too, but maybe they care about stealth
    and only have a uid nobody exploit to work with, or you did remember
    to wipe the content before deleting...
    
    To sum it up: this is an information leak, it is (IMO) trivial to fix
    by making unlink nix out the filename, so it should be fixed.
    
    > but what do the other bytes represent, that show up in the hexdump?
    
    There has to be some space for the inode number, and maybe some flag
    bits (e.g. to mark deleted files).
    
    -- 
    Robbe
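
The leak and the proposed fix discussed in the message above, as an added example that is not part of the original post. It assumes an ext2-style directory record layout (the message does not name the filesystem); the function names and the sample directory are constructed for illustration.

```python
import struct

HDR = struct.Struct("<IHBB")  # assumed ext2-style: inode, rec_len, name_len, type

def pad4(n):
    return (n + 3) & ~3

def build_block(entries, size=128):  # last record is stretched to fill the block
    block, off = bytearray(size), 0
    for i, (ino, name) in enumerate(entries):
        rec_len = size - off if i == len(entries) - 1 else pad4(HDR.size + len(name))
        HDR.pack_into(block, off, ino, rec_len, len(name), 1)
        block[off + 8:off + 8 + len(name)] = name
        off += rec_len
    return block

def walk(block):  # follow the rec_len chain, as readdir would
    off = 0
    while off + HDR.size <= len(block):
        ino, rec_len, nlen, _ = HDR.unpack_from(block, off)
        yield off, ino, rec_len, bytes(block[off + 8:off + 8 + nlen])
        off += max(rec_len, HDR.size)  # never loop on a corrupt rec_len

def unlink(block, name, scrub=False):
    """Clear the entry's inode and fold its space into the previous record."""
    prev = None
    for off, ino, rec_len, n in list(walk(block)):
        if ino and n == name:
            if scrub:  # the fix proposed above: wipe name_len, type and name
                block[off + 6:off + rec_len] = bytes(rec_len - 6)
            struct.pack_into("<I", block, off, 0)
            if prev is not None:
                struct.pack_into("<H", block, prev[0] + 4, prev[1] + rec_len)
            return
        prev = (off, rec_len)

def residual_names(block):
    """Yield names left in unused space that walk() no longer lists as live."""
    for off, ino, rec_len, name in walk(block):
        s, end = (off if ino == 0 else off + pad4(HDR.size + len(name))), off + rec_len
        while s + HDR.size <= end:
            nlen = block[s + 6]
            cand = bytes(block[s + 8:s + 8 + nlen])
            hit = nlen and s + 8 + nlen <= end and all(33 <= b < 127 for b in cand)
            if hit:
                yield cand
            s += pad4(HDR.size + nlen) if hit else 4

SAMPLE = [(2, b"."), (2, b".."), (11, b"notes.txt"), (12, b"private_plan.txt"), (13, b"todo")]  # constructed
```

Running `residual_names` over a directory block before and after a change to unlink is a direct regression check for this leak.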
    


