Re: truncate shows non zero data beyond the end of the inode with MAP_SHARED

[William Lee Irwin III]

On Fri, Sep 17, 2004 at 03:49:18PM +0200, Helge Hafting wrote:
> I am not talking about someone  accidentally stumbling onto
> something.  I was worried about someone deliberately
> trying to exploit this - such people look at data above i_size
> _because they can_, hoping to find something interesting there.
> Something they cannot get at normally.
> I am assuming that the "garbage" between i_size and the
> page boundary is stuff left over from whatever that
> memory page was used for earlier?  If so, it could be
> 4095 bytes out of the 4096 that was used to cache some
> other file earlier.  Possibly someone else's confidential file. 
> Or a piece of some network package that was processed a while ago.

This issue is only of userspace data leaking into pagecache at file
offsets just beyond where the end of a file formerly was (no further
than the former last page, but beyond the former end of the file), not
kernel data leaking to userspace.


-- wli
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/