PaulDotCom mailing list archives
Re: ETag leaking inode info
From: Robin Wood <robin () digininja org>
Date: Thu, 27 Sep 2012 23:10:36 +0100
On 20 September 2012 21:22, Robin Wood <robin () digininja org> wrote:
I've had both Nikto and Nessus recently report Apache ETags leaking inode information for example in the Nikto output below: <description><![CDATA[Server leaks inodes via ETags, header found with file /icons/README, inode: 491605, size: 4872, mtime: 0xbd8ce4c0]]></description> I understand that knowing the size and access time is a bit of info leakage but the stress is on the inode, can anyone explain why this is so bad? What can an attacker how knows an inode value do with it? I'd have thought if they had enough access to a machine to be accessing at the inode level then they would have full file system access anyway. Robin
Seeing as I've had no answers I'll answer myself... I asked a lot of people this question while at Brucon and no one managed to come up with a good reason why knowing the inode is a really bad thing. We all agree that we should avoid leaking information wherever possible but no one managed to come up with a good use for a leaked inode. If anyone wants to disagree please shout up. Robin _______________________________________________ Pauldotcom mailing list Pauldotcom () mail pauldotcom com http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
Current thread:
- ETag leaking inode info Robin Wood (Sep 20)
- Re: ETag leaking inode info Robin Wood (Sep 27)
- Re: ETag leaking inode info Josh More (Sep 27)
- Re: ETag leaking inode info Robin Wood (Sep 29)
- Re: ETag leaking inode info Josh More (Sep 27)
- Re: ETag leaking inode info Robin Wood (Sep 27)