Grok Learning - Information Disclosure

  • /run/lock is world-writable, so sandbox users could store files in this directory. Files in this directory would persist until the server is rebooted.
  • A submitted program can write the test data for "hidden cases" - which should not be visible to the user - to /run/lock.
  • The program can then read and display the contents of the written files, revealing the test data for these hidden cases.
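
A defender-side audit for the condition described above, added here as an example and not part of the original advisory: it lists every directory under a root in which a given sandbox account could create files, which are the places where state can survive between submissions. The function name, the default root `/run` and the uid `65534` are assumptions chosen for illustration.

```python
import os
import stat
import sys


def writable_dirs(root, uid, gids=frozenset()):
    """Directories under `root` in which `uid` (with groups `gids`) can create files.

    Applies the classic owner/group/other permission check only; ACLs,
    capabilities, read-only mounts and parent-path traversal are not considered.
    Returns sorted (path, mode string, sticky bit set) tuples.
    """
    findings = []
    for dirpath, _dirnames, _files in os.walk(root, followlinks=False):
        try:
            st = os.lstat(dirpath)
        except OSError:
            continue  # vanished or unreadable: skip
        mode = st.st_mode
        # Pick the single permission class that applies to this uid.
        if st.st_uid == uid:
            need = stat.S_IWUSR | stat.S_IXUSR
        elif st.st_gid in gids:
            need = stat.S_IWGRP | stat.S_IXGRP
        else:
            need = stat.S_IWOTH | stat.S_IXOTH
        # Creating a file needs both write and search (execute) on the directory.
        if mode & need == need:
            # The sticky bit only restricts deleting other users' files;
            # it does not stop a user from creating files of their own.
            findings.append((dirpath, stat.filemode(mode), bool(mode & stat.S_ISVTX)))
    return sorted(findings)


if __name__ == "__main__":
    # Usage: script.py ROOT SANDBOX_UID (both defaults are assumptions)
    root = sys.argv[1] if len(sys.argv) > 1 else "/run"
    uid = int(sys.argv[2]) if len(sys.argv) > 2 else 65534
    for path, mode, sticky in writable_dirs(root, uid):
        print(f"{mode} sticky={sticky} {path}")
```

Any directory this reports inside the sandbox's view of the filesystem is a candidate for a per-run private mount or for removal of write access for the sandbox account.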