Full Disclosure mailing list archives

Re: Syscall implementation could lead to whether or not a file exists

From: Arjan van de Ven <arjanv () redhat com>
Date: 07 Apr 2003 12:47:00 +0200

On Wed, 2003-04-02 at 21:19, Andrew Griffiths wrote:

Product: Linux and various other kernels
Tested:
      - RedHat kernel 2.4.18-26.7.x (second latest ;))
      - RedHat kernel 2.4.18-27.7.x
      - Debian 3.0 box
      - FreeBSD 4.4

Description:

      Due to the implementation of various system calls,  it becomes
      possible to test whether or not a file exists in a directory
      that is unreadable.


.. by calling lstat(2).  Ability to do lookup is controlled by _exec_
permissions, not read ones.

Attachment: signature.asc
Description: This is a digitally signed message part

Current thread:

Syscall implementation could lead to whether or not a file exists Andrew Griffiths (Apr 04)
- Re: Syscall implementation could lead to whether or not a file exists Pavel Machek (Apr 06)
  - Re: Re: Syscall implementation could lead to whether or not a file exists andrewg (Apr 06)
- Re: Syscall implementation could lead to whether or not a file exists Arjan van de Ven (Apr 07)