tech-security archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: open()ing a directory without O_DIRECTORY (Christos Zoulas) writes:

> In article <>,
> Aymeric Vincent  <> wrote:
>>There is no trivial way to get rid of this no longer valid contents,
>>since for good reason you can't write to a directory as a file. You have
>>to re-create it (not always possible due to permissions) or create long
>>entries until your data disappears... :-/
> Why? The kernel can just zero out the deleted dirents.

Forgot to mention: "in the current situation". And yes, that's exactly
what I think, probably the alternative is

 - zero out on unlink() so that the data is no longer on the disk
   (Everybody seems to have expressed preference for this solution but I
   think this requires changing all the affected filesystems)
 - zero out in getdents() so that the data cannot be accessed without
   accessing the raw device, mimicking the behaviour of unlink for the
   data: data still present on disk but not accessible without accessing
   the raw device. (This requires forbidding read() and similar on

> Yes, users can't and should not write to directories, if you want to
> avoid the data disclosure fix it in the kernel!

Obviously yes, as far as I understand we are only talking about kernel
APIs or behaviour here.


Home | Main Index | Thread Index | Old Index