Hi,

I noticed that getdents() "leaks" information about deleted files in a
given directory (their filename and type). While this is actually
documented in the relevant manual page, I think it can be a problem.

Say, you had a restricted directory that contained files you did not
want other users to know about, and then deleted these files to allow
more users in. Those deleted filenames are still likely to be seen (not
their content of course) by anyone having read access to the directory.
To me it's a (twisted) case of information disclosure.

Do you think this is worth a problem report, and that it should be removed?

I can provide a quick proof of concept tool to illustrate this on
request. I also tested it on Linux, and could not confirm this behavior
there. I did not try other BSDs yet.

Cheers,
-- 
khorben