On Fri, 15 Aug 2008 22:22:16 +0000
Wayne Feick <waf@brunz.org> wrote:

> I'd consider it a security bug to allow a user to see any bytes beyond
> what was written to the file since:
>
> 1. Some ilesystems store multiple small files in the same block.
> 2. Some (most?) filesystems don't zero out blocks when they are
> reallocated.
>
> Either of the above could allow you to see things you shouldn't.

Which is why the kernel won't let you. What is on disk may vary but the
actual kernel interfaces deal with actual file sizes. Any holes you
create when extending it contain zeros

--
fedora-list mailing list
fedora-list@redhat.com
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list

Thanks, Alan.

I figured that was the case, but it's good to get confirmation from
someone who knows.


On Sat, 2008-08-16 at 09:37 +0100, Alan Cox wrote:
> On Fri, 15 Aug 2008 22:22:16 +0000
> Wayne Feick <waf@brunz.org> wrote:
>
> > I'd consider it a security bug to allow a user to see any bytes beyond
> > what was written to the file since:
> >
> > 1. Some ilesystems store multiple small files in the same block.
> > 2. Some (most?) filesystems don't zero out blocks when they are
> > reallocated.
> >
> > Either of the above could allow you to see things you shouldn't.
>
> Which is why the kernel won't let you. What is on disk may vary but the
> actual kernel interfaces deal with actual file sizes. Any holes you
> create when extending it contain zeros


--
fedora-list mailing list
fedora-list@redhat.com
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list