Open Source and information security mailing list archives
Date: 07 Apr 2003 12:47:00 +0200
From: Arjan van de Ven <arjanv@...hat.com>
To: Andrew Griffiths <andrewg@...net.au>
Cc: full-disclosure@...ts.netsys.com, bugtraq@...urityfocus.com
Subject: Re: Syscall implementation could lead to whether or not a file exists

On Wed, 2003-04-02 at 21:19, Andrew Griffiths wrote:
> Product: Linux and various other kernels
> Tested:
> 	- RedHat kernel 2.4.18-26.7.x (second latest ;))
> 	- RedHat kernel 2.4.18-27.7.x
> 	- Debian 3.0 box
> 	- FreeBSD 4.4
> 
> Description:
> 
> 	Due to the implementation of various system calls,  it becomes
> 	possible to test whether or not a file exists in a directory
> 	that is unreadable.

.. by calling lstat(2).  Ability to do lookup is controlled by _exec_
permissions, not read ones.

Download attachment "signature.asc" of type "application/pgp-signature" (190 bytes)
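
The permission split described in the reply above, as an added example that is not part of the original message: it applies a mode to a scratch directory and records, as symbolic errno names, what listing and lstat(2) return for an existing and a nonexistent name. The helper names `probe` and `_outcome` and the file name `present` are constructed for this illustration.

```python
import errno
import os
import shutil
import tempfile


def _outcome(fn, path):
    """Return "ok" or the symbolic errno (e.g. "EACCES") for one call."""
    try:
        fn(path)
        return "ok"
    except OSError as exc:
        return errno.errorcode[exc.errno]


def probe(dir_mode):
    """Apply dir_mode to a scratch directory holding one file, 'present',
    and report what the directory's owner can then learn about its contents."""
    base = tempfile.mkdtemp()
    target = os.path.join(base, "d")          # constructed sample directory
    os.mkdir(target)
    open(os.path.join(target, "present"), "w").close()
    os.chmod(target, dir_mode)
    try:
        return {
            # Reading the name list needs the read bit on the directory.
            "list": _outcome(os.listdir, target),
            # Resolving a name inside it needs only the search (exec) bit.
            "present": _outcome(os.lstat, os.path.join(target, "present")),
            "missing": _outcome(os.lstat, os.path.join(target, "missing")),
        }
    finally:
        os.chmod(target, 0o700)               # restore so cleanup can proceed
        shutil.rmtree(base)


if __name__ == "__main__":
    # Run as an unprivileged user: root bypasses these permission checks.
    for mode in (0o100, 0o400, 0o000):
        print(f"{mode:04o}", probe(mode))
```

With only the search bit set (0100), listing fails with EACCES while lstat still separates `present` (ok) from `missing` (ENOENT). With the search bit cleared (0400 or 0000), both names return EACCES and cannot be told apart.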
