Security issue in Terminal

Kevin Chadwick ma1l1ists at yahoo.co.uk
Thu Mar 8 16:10:15 CET 2012 

On Thu, 8 Mar 2012 15:31:57 +0100
Guido Berhoerster wrote:

> >   
> > > Switching to xterm will not gain you any additional security as
> > > the scrollback memory can be swapped out and thus end up on disk,
> > > too. If you deal with any sensitive documents where that becomes
> > > an issue you need to encrypt your filesystems, everything else is
> > > just eyewash and pseudosecurity.  
> > 
> > You mean encrypting your swap will help a little but is in fact less
> > secure than xterm using memory if you turn the power off at the plug
> > when you shutdown. Sensitive stuff shouldn't be echoed anyway but that
> > is no excuse for this bug which may reduce permissions to world
> > readable for example.  
> 
> I'm not sure I understand what you're trying to say here. The
> original report basically complains that terminal involving
> sensitive data can end up on disk, it is not about information
> disclosure through world readable files.
> So even if you use xterm, the xterm scrollback memory may be
> swapped out and end up on disk as well. Encrypting swap may
> mitigate this particular issue but even then there are many
> different ways how accessed data may end up somewhere on disk.
> The only viable solution to prevent sensitive data from being
> stored in clear on disk is to use full disk encryption. And even
> then your system might still be susceptible to cold boot attacks,
> turning off the power and pulling the plug won't protect you from
> that either.

Ok I may have skipped some words and you should encrypt swap or
disable it, though most won't know how or the caveats such as hibernate
or keys being around. Using xterm, disabling swap and pulling the plug
would be more secure, less problematic and easier than encrypting swap
for most. I do encrypt swap though, for programs that don't deal with
passwords properly etc..

Encrypting the whole disk does next to nothing for security except when
you switch it off and leave the room. Granted there are things like
backup files but on unix things are usually kept close to the source
file.

regarding world readable. You may grep something or cat something from a
file of mode 600, it is apparently written to /tmp by terminal. An
attacker running as _nobody could then create an empty file as that
user and read the data making that data world readable. I believe
from this thread that xterm won't write it to /tmp, so it is not an
issue when using xterm.

More information about the Xfce mailing list