Please create an account to participate in the Slashdot moderation system

 



Forgot your password?
typodupeerror
Compare cell phone plans using Wirefly's innovative plan comparison tool ×
GNOME

Submission + - Data breach flaw found in gnome-terminal, xfce terminal and terminator (climagic.org)

suso writes: A design flaw in the VTE library was published this week. The VTE library provides the terminal widget and manages the scrollback buffer in many popular terminal emulators including gnome-terminal, xfce4-terminal, terminator and guake. Due to this flaw, your scrollback buffer ends up on your /tmp filesystem over time and can be viewed by anyone who gets ahold of your hard drive. Including data passed back through an SSH connection. A demonstration video was also made to make the problem more obvious. Anyone using these terminals or others based on libVTE should be aware of this issue as it even writes data passed back through an SSH connection to your local disk. Instructions are also included for how to properly deal with the leaked data on your hard drive. You are either encouraged to switch terminals and/or start using tmpfs for your /tmp partition until the library is fixed.
GNOME

Submission + - Flaw found in gnome-terminal, xfce terminal and terminator that writes to disk. (climagic.org)

suso writes: "A design flaw in the VTE library was published yesterday. The VTE library, which is part of the GNOME project, provides the terminal widget and manages the scrollback buffer used in many popular terminal emulators including gnome-terminal, xfce4-terminal, terminator and guake. Due to this flaw, your scrollback buffer ends up on your /tmp filesystem over time and can be viewed by anyone who gets ahold of your hard drive. Including data passed back through an SSH connection. A demonstration video was also made to make the problem more obvious. Anyone using these terminals or others based on libvte should be aware of this issue. Any administrator who has users who connect to services using one of these terminals will also be affected. Instructions are also included in the report for how to properly deal with the leaked data on your hard drive. You are encouraged to switch terminals or start using tmpfs for your /tmp partition until the library is fixed."

Slashdot Top Deals

Who goeth a-borrowing goeth a-sorrowing. -- Thomas Tusser

Working...