ken@cs.toronto.edu (Ken Lalonde) (02/16/90)
Unused space in newly created directories under IRIX 3.2 appears to contain data leftover from recently removed files. When I run the following a few times on two of our 4D machines and one PI (all with /tmp on the root SCSI disk), the "cat -v foo" prints part of the passwd file.

    % cd /tmp
    % cp /etc/passwd .    # any large text file will do
    % rm passwd
    % mkdir foo
    % cat -v foo

Bad news if you care about filesystem security.
merritt@iris613.gsfc.nasa.gov (John H Merritt) (02/16/90)
In article <90Feb15.191156est.6155@neat.cs.toronto.edu> ken@cs.toronto.edu (Ken Lalonde) writes:
>
>    % cd /tmp
>    % cp /etc/passwd .    # any large text file will do
>    % rm passwd
>    % mkdir foo
>    % cat -v foo
>
>Bad news if you care about filesystem security.

Poor example, but the point is illustrated. I could not read the Ex.... files that 'vi' uses with the above technique. What I could do was read part of someone else's (mode 600) file that was placed there and removed. So we need a daemon that sits in /tmp waiting for files to be deleted :-), How do we monitor /tmp files? No! No! No! don't answer this; this discussion showed up in comp.unix.wizards.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
John H. Merritt                 # Yesterday I knew nothing,
Applied Research Corporation    # Today I know that.
merritt@iris613.gsfc.nasa.gov   #
yohn@tumult.sgi.com (Mike Thompson) (02/17/90)
In article <90Feb15.191156est.6155@neat.cs.toronto.edu>, ken@cs.toronto.edu (Ken Lalonde) writes:
> Unused space in newly created directories under IRIX 3.2 appears to
> contain data leftover from recently removed files. When I run the
> following a few times on two of our 4D machines and one PI (all with
> /tmp on the root SCSI disk), the "cat -v foo" prints part of the passwd file.
>
>    % cd /tmp
>    % cp /etc/passwd .    # any large text file will do
>    % rm passwd
>    % mkdir foo
>    % cat -v foo
>
> Bad news if you care about filesystem security.

Yes, bad news. This has been fixed in the next-release software.

Mike Thompson
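
The behaviour reported in this thread, as an added example that is not part of the original posts and is not SGI's code: a toy in-memory model of a block allocator that hands a freed file block to a new directory, with and without zeroing it first. The LIFO free list, the 512-byte block, the 32-byte entry area and all function names are assumptions made for illustration; the thread does not describe how IRIX allocates directory blocks or how the fix was made.

```c
#include <stdio.h>
#include <string.h>
#define BLOCK_SIZE 512
#define NBLOCKS    8
#define DIR_USED   32  /* bytes used by "." and ".." in this toy layout */

/* Constructed sample record, not real account data. */
static const char SAMPLE[] =
    "alice:x:100:10:constructed sample record:/usr/people/alice:/bin/csh\n";

static unsigned char disk[NBLOCKS][BLOCK_SIZE];
static int free_list[NBLOCKS], free_top;

static void disk_init(void) {
    memset(disk, 0, sizeof disk);
    free_top = 0;
    for (int i = NBLOCKS - 1; i >= 0; i--) free_list[free_top++] = i;
}

/* LIFO allocator: the most recently freed block is handed out first. */
static int alloc_block(void) { return free_top ? free_list[--free_top] : -1; }
/* Freeing returns the block to the list; its contents stay on disk. */
static void free_block(int b) { free_list[free_top++] = b; }

/* scrub=0 models the reported behaviour; scrub=1 zeroes the block first. */
static int make_dir(int scrub) {
    int b = alloc_block();
    if (b < 0) return -1;
    if (scrub) memset(disk[b], 0, BLOCK_SIZE);
    memset(disk[b], 0, DIR_USED);          /* entry area is always written */
    memcpy(disk[b], ".", 1);
    memcpy(disk[b] + 16, "..", 2);
    return b;
}

/* cp, rm, mkdir in sequence; returns non-zero bytes left in the unused tail. */
int leak_after_reuse(int scrub) {
    disk_init();
    int f = alloc_block();                 /* cp: file gets a block */
    memcpy(disk[f], SAMPLE, sizeof SAMPLE - 1);
    free_block(f);                         /* rm: block freed, data remains */
    int d = make_dir(scrub), n = 0;        /* mkdir: same block comes back */
    for (int i = DIR_USED; i < BLOCK_SIZE; i++) n += disk[d][i] != 0;
    return n;
}

int main(void) {
    printf("unscrubbed: %d, scrubbed: %d stale bytes\n", leak_after_reuse(0), leak_after_reuse(1));
    return 0;
}
```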