Re: spying (deleted) file entries in other users' directories

[Robert Bihlmeyer <robbe () orcus priv at>]

D.C. van Moolenbroek writes:

> Generally I suppose it's a bad idea to put something sensitive in a
> filename,

Well most file names have some relation to the content (and often,
type). Like with traffic analysis, gaining knowledge of meta-data can
give an attacker significant information.

For those with poor paranoia and/or imagination, picture the Chinese
goverment discovering a deleted falungong.htm (maybe you had saved
<URL:http://www.religioustolerance.org/falungong.htm> before and later
deleted it). My gov't would probably question you closely about a
deleted mein_kampf.pdf, etc.

Usually goverment-level adversaries could just as well take the
harddisk and get the content, too, but maybe they care about stealth
and only have a uid nobody exploit to work with, or you did remember
to wipe the content before deleting...

To sum it up: this is an information leak, it is (IMO) trivial to fix
by making unlink nix out the filename, so it should be fixed.

> but what do the other bytes represent, that show up in the hexdump?

There has to be some space for the inode number, and maybe some flag
bits (e.g. to mark deleted files).

-- 
Robbe