09 March 2012

[bug] libVTE scrollback buffer written to disk

http://www.climagic.com/bugreports/libvte-scrollback-written-to-disk.html

Summary:
-----------------------------------------------------------------------
  Due to the way the history buffer is saved in terminal emulators
  using libVTE after version 0.21.6, data from inside your terminal
  window can end up on your local filesystem. This is most likely
  unexpected behavior in a terminal emulator and represents a very
  significant security issue.

Worse case scenario:
-----------------------------------------------------------------------
  Classified, secret or medical information that was accessed through a
  terminal window was thought to be safe because it was on a remote server
  and only accessed via SSH, but now its also on the hard drive that is
  for sale online or stolen without having been wiped because this
  issue was not accounted for.

No comments:

Post a Comment