Mailinglist Archive: opensuse (1480 mails)

< Previous Next >
[opensuse] Data Breach Flaw Found Gnome-terminal, Xfce Terminal and Terminator
Hi All,

Just an FYI:

http://linux.slashdot.org/story/12/03/08/1441215/data-breach-flaw-found-in-gnome-terminal-xfce-terminal-and-terminator

Data Breach Flaw Found In Gnome-terminal, Xfce Terminal and Terminator
Posted by timothy on Thursday March 08, @10:50AM

from the so-it-can-be-fixed-now dept.

suso writes "A design flaw in the VTE library was published this week(1). The
VTE library provides the terminal widget and manages the scrollback buffer in
many popular terminal emulators including gnome-terminal, xfce4-terminal,
terminator and guake. Due to this flaw, your scrollback buffer ends up on your
/tmp filesystem over time and can be viewed by anyone who gets ahold of your
hard drive. Including data passed back through an SSH connection. A
demonstration video(2) was also made to make the problem more obvious. Anyone
using these terminals or others based on libVTE should be aware of this issue
as it even writes data passed back through an SSH connection to your local
disk. Instructions are also included for how to properly deal with the leaked
data on your hard drive. You are either encouraged to switch terminals and/or
start using tmpfs for your /tmp partition until the library is fixed."

[1] http://climagic.org/bugreports/libvte-scrollback-written-to-disk.html
[2] http://www.youtube.com/watch?v=LgNLHskYvVE
--
To unsubscribe, e-mail: opensuse+unsubscribe@xxxxxxxxxxxx
To contact the owner, e-mail: opensuse+owner@xxxxxxxxxxxx

< Previous Next >