Subject: Re: new mremap(2): relax alignment restrictions?
To: Bill Stouder-Studenmund <wrstuden@netbsd.org>
From: Eric Haszlakiewicz <erh@nimenees.com>
List: tech-kern
Date: 07/26/2007 15:05:06
On Wed, Jul 25, 2007 at 10:57:53PM -0700, Bill Stouder-Studenmund wrote:
> We should check, but I doubt there is a security issue here. All you're
> going to find is anything extra you scribbled while the page was in cache.
> And you have to have write access to do that, so you could have written
> the file anyway.

Sure, but anyone with read access can see that data.  You don't need write
access for that.  You can even do it with cp:

./a.out   # run my test program
perl -e 'truncate("test", 16);'    # make the file one byte longer
cp test test2

And if you take a look at test2: ("jodi: " is my shell prompt)
jodi: cat test2
12345123451234
Rjodi:

Even worse:
jodi: cat test
12345123451234
Rjodi:

eric