cat /directory shows a (somewhat messy) list of files in a directory (even removed files)

joerg at britannica.bec.de joerg at britannica.bec.de
Sun Mar 26 23:37:04 PST 2006


On Sun, Mar 26, 2006 at 12:00:50PM +0200, Robert Sebastian Gerus wrote:
> 
> Expected results:
> nothing or a ls-like list of files

Get a UNIX history book talking about the introduction of opendir ages
ago and the discussions why allowing open(2) and read(2) can be allowed
or not. In summary, you have to have read access to the directory and
file names should not store sensitive information. Other users could
have seen the file otherwise anyway.

Also keep in mind that most filesystems internally do this anyway.
To protetc against basic forensic, nothing but overwriting the directory
(which can be quite difficult :-)) helps.

Joerg





More information about the Bugs mailing list