Security issue in Terminal
Guido Berhoerster
gber at opensuse.org
Thu Mar 8 19:53:15 CET 2012
* Kevin Chadwick <ma1l1ists at yahoo.co.uk> [2012-03-08 19:16]:
> When memory is initialised, because it's a fast inexpensive operation
> the old memory is cleared. The data on filesystems is left around when
> deleted as overwriting is expensive, you need root to access the device
> directly but I believe all a user has to do is wait and create an empty
> file the size of /tmp and run strings on it. I'd have to look up how
> to do that again to prove it but I know you can create a large empty
> file without writing.
No, that does not work, the filesystem layer will initialize
allocated blocks (everything else would be a glaring security
issue on the kernel level) or might transparently create a sparse
file.
--
Guido Berhoerster
More information about the Xfce
mailing list