Re: spying (deleted) file entries in other users' directories
From: FozZy (fozzy@dmpfrance.com)Date: 06/23/02
- Previous message: Filipe Almeida: "Re: Another flaw in Apache?"
- In reply to: bad bob: "Re: spying (deleted) file entries in other users' directories"
- Next in thread: bad bob: "Re: spying (deleted) file entries in other users' directories"
- Reply: bad bob: "Re: spying (deleted) file entries in other users' directories"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Sun, 23 Jun 2002 17:59:36 +0200 From: FozZy <fozzy@dmpfrance.com> To: bad bob <sfmc68@bellatlantic.net>
Bob,
Maybe I was not very clear. I am not talking about reading contents of deleted files (what can be achieved, but only by the super-user), i am talking about an unpriviledged user reading the content of a world-readable *directory file* ("cat somedir") and thus being able to see the filenames contained into the directory (which is normal behavior) but also the names of the *deleted* files (very silly example of why it can be an issue: do you want everybody to know you uploaded XXX or warez stuff someday into your home directory ? ;)
FozZy
- Previous message: Filipe Almeida: "Re: Another flaw in Apache?"
- In reply to: bad bob: "Re: spying (deleted) file entries in other users' directories"
- Next in thread: bad bob: "Re: spying (deleted) file entries in other users' directories"
- Reply: bad bob: "Re: spying (deleted) file entries in other users' directories"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
