| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CAJVRA1Tax_Gvakbyrg_ZiDLC4K+QmYQqn__qCFLW02+P+sA-Gw@mail.gmail.com> Date: Tue, 6 Mar 2012 17:12:04 -0800 From: coderman <coderman@...il.com> To: Mark Krenz <mark@...o.com> Cc: full-disclosure@...ts.grok.org.uk Subject: Re: gnome-terminal, xfce4-terminal, terminator and others write scrollback buffer to disk On Tue, Mar 6, 2012 at 1:46 PM, Mark Krenz <mark@...o.com> wrote: > Title: Gnome terminal, xfce4-terminal, terminator and other libVTE based > terminals write scrollback buffer data to /tmp filesystem temp data in /tmp ? i'm shocked, SHOCKED! *cough* > Worse case scenario: > Classified, secret or medical information that was accessed through a > terminal window was thought to be safe because it was on a remote server > and only accessed via SSH people in this scenario have bigger concerns to worry about given their lack of understanding re: operating systems and application software. > Some may not consider this a bug and make the excuse that your > terminal's memory stack may end up in swap anyways, or that only root > would have access to the data or that you should encrypt /tmp. correction: one must always use full-disk encryption. anything less is fail. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists