Full Disclosure mailing list archives
Re: gnome-terminal, xfce4-terminal, terminator and others write scrollback buffer to disk
From: coderman <coderman () gmail com>
Date: Tue, 6 Mar 2012 17:12:04 -0800
On Tue, Mar 6, 2012 at 1:46 PM, Mark Krenz <mark () suso com> wrote:
Title: Gnome terminal, xfce4-terminal, terminator and other libVTE based terminals write scrollback buffer data to /tmp filesystem
temp data in /tmp ? i'm shocked, SHOCKED! *cough*
Worse case scenario: Classified, secret or medical information that was accessed through a terminal window was thought to be safe because it was on a remote server and only accessed via SSH
people in this scenario have bigger concerns to worry about given their lack of understanding re: operating systems and application software.
Some may not consider this a bug and make the excuse that your terminal's memory stack may end up in swap anyways, or that only root would have access to the data or that you should encrypt /tmp.
correction: one must always use full-disk encryption. anything less is fail. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- gnome-terminal, xfce4-terminal, terminator and others write scrollback buffer to disk Mark Krenz (Mar 06)
- Re: gnome-terminal, xfce4-terminal, terminator and others write scrollback buffer to disk coderman (Mar 06)