tech-security archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: open()ing a directory without O_DIRECTORY

In article <>,
Aymeric Vincent  <> wrote:
>There is no trivial way to get rid of this no longer valid contents,
>since for good reason you can't write to a directory as a file. You have
>to re-create it (not always possible due to permissions) or create long
>entries until your data disappears... :-/

Why? The kernel can just zero out the deleted dirents. Yes, users
can't and should not write to directories, if you want to avoid
the data disclosure fix it in the kernel!


Home | Main Index | Thread Index | Old Index