[Geany] Fwd: Security issue in Terminal

Dimitar Zhekov dimitar.zhekov at xxxxx
Thu Mar 8 20:40:11 UTC 2012


On Wed, 07 Mar 2012 15:19:42 -0800
Matthew Brush <mbrush at codebrainz.ca> wrote:

> Just forwarding this along from the Xfce list as Geany (and many other 
> programs) also use this same library for the Terminal feature. I'm not 
> convinced it's a big deal, but nonetheless users should be aware of
> it. See the link in the forwarded message for more information.

If one considers this a "high severity" problem, then no program should
ever create a /tmp file with sensitive data. But wait, what about the
regular files?.. If they are only deleted, strings /dev/sda2 will
reveal them too, and the same goes for swap... In fact, /tmp files are
probably the safest. And of course, the proposed shred and dd "solutions"
are useless for SSD.

I'm not surprised that the authors of libvte rejected this bug. Though
writing the scrollback buffer to a file is weird...

-- 
E-gards: Jimmy


