LKML Archive on
help / color / mirror / Atom feed
From: Andi Kleen <>
To: Steve French <>
Cc: Andi Kleen <>, simo <>,,,
Subject: Re: [linux-cifs-client] [PATCH] Remove information leak in Linux CIFS clientg
Date: Sun, 20 Jan 2008 00:25:49 +0100	[thread overview]
Message-ID: <> (raw)
In-Reply-To: <>

On Sat, Jan 19, 2008 at 04:55:53PM -0600, Steve French wrote:
> On Jan 19, 2008 4:30 PM, Andi Kleen <> wrote:
> > On Sat, Jan 19, 2008 at 04:06:57PM -0600, Steve French wrote:
> > > The access denied message in the dmesg log reveals no more information
> > > than strace on stat of a local file does (which also returns access
> >
> > You can't strace a process you don't own. And you might not be able
> > to access the directory below which the file is.
> If you can't access the directory that the file is in then you get
> access denied on stat of the file (local over ext3 or remote over
> cifs) - it does not tell you anything about whether the file existed
> or not.  If you do "stat
> /mnt/dir-with-0700-perm/file-which-does-not-exist"  I get access
> denied.  I don't think that it really tells you anything interesting
> since the same error comes back whether or not the file existed.

The problem is that the file name ends up in the log for everybody to
read even if they're totally unrelated. So if someone in a protected directory
tree where they have access to does something that is denied the
file names will still leak to everybody else to the log.

e.g. more concrete example. you do something and get that message.

Now even 'nobody" running in a chroot will know that you tried
that and that at least parts of the file name likely exist.

That is an information leak and imho a privacy problem.

> Other unexpected errors (e.g. -EIO) should be logged because they
> indicate possibly severe problems with the network, but also don't
> tell you anything about whether the file exists.

Sure errors should be logged, but not with path names. 


  reply	other threads:[~2008-01-19 23:22 UTC|newest]

Thread overview: 7+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2008-01-19  4:55 [PATCH] Remove information leak in Linux CIFS client Andi Kleen
2008-01-19  8:18 ` [linux-cifs-client] " simo
2008-01-19 22:06   ` Steve French
2008-01-19 22:30     ` [linux-cifs-client] [PATCH] Remove information leak in Linux CIFS clientg Andi Kleen
2008-01-19 22:55       ` Steve French
2008-01-19 23:25         ` Andi Kleen [this message]
2008-01-20  0:32           ` Steve French

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \ \ \ \ \ \ \ \
    --subject='Re: [linux-cifs-client] [PATCH] Remove information leak in Linux CIFS clientg' \

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).