Path: utzoo!telecom-request Date: Wed, 1 May 1991 13:25:46 GMT From: Syd Weinstein Newsgroups: comp.dcom.telecom Subject: Re: Prodigy or Fraudigy ??? Reply-To: syd@dsi.com Message-ID: Organization: Datacomp Systems, Inc. Huntingdon Valley, PA Sender: Telecom@eecs.nwu.edu Approved: Telecom@eecs.nwu.edu X-Submissions-To: telecom@eecs.nwu.edu X-Administrivia-To: telecom-request@eecs.nwu.edu X-Telecom-Digest: Volume 11, Issue 324, Message 4 of 10 Lines: 33 Toby Nixon writes: > It's great fun on a multi-user > computer to open a new file for random access, and do a write to an > arbitrarily high record number -- the system allocates all of the > unused space in between to you, but doesn't erase it, so you can > merrily read through everything that the other users of the system > supposedly "deleted". If you're on a multiuser system, always use an > "erase" program that actually overwrites your files rather than just > deleting them, or everything you delete will be available to other > users of the system. I know its off the topic, but ... if you are on a multi-user system and this technique works for you ... switch. That is terrible security and the vendor deserves not to be in business (don't name names, I know several which work this way). Since most of our multi-user readers are on UNIX, this trick will not work on UNIX systems. Two reasons: First, UNIX does not allocate the intervening space in the file. It just allocates the blocks you write to. The OS returns 0's for all other blocks read that are not yet allocated. Second, UNIX does not write partial sectors, nor depend on the contents of the file to mark end of file. However, root using the raw partition can always farm the free space looking for interesting info, but then it can also look at all the files and look for interesting info too. Sydney S. Weinstein, CDP, CCP Elm Coordinator Datacomp Systems, Inc. Voice: (215) 947-9900 syd@DSI.COM or dsinc!syd FAX: (215) 938-0235