On Tue, Mar 6, 2012 at 1:46 PM, Mark Krenz <[email protected]> wrote: > Title: Gnome terminal, xfce4-terminal, terminator and other libVTE based > terminals write scrollback buffer data to /tmp filesystem
temp data in /tmp ? i'm shocked, SHOCKED! *cough* > Worse case scenario: > Classified, secret or medical information that was accessed through a > terminal window was thought to be safe because it was on a remote server > and only accessed via SSH people in this scenario have bigger concerns to worry about given their lack of understanding re: operating systems and application software. > Some may not consider this a bug and make the excuse that your > terminal's memory stack may end up in swap anyways, or that only root > would have access to the data or that you should encrypt /tmp. correction: one must always use full-disk encryption. anything less is fail. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
