Security issue in Terminal

Yves-Alexis Perez corsac at debian.org
Thu Mar 8 17:36:19 CET 2012


On jeu., 2012-03-08 at 15:10 +0000, Kevin Chadwick wrote:
> regarding world readable. You may grep something or cat something from a
> file of mode 600, it is apparently written to /tmp by terminal. An
> attacker running as _nobody could then create an empty file as that
> user and read the data making that data world readable. I believe
> from this thread that xterm won't write it to /tmp, so it is not an
> issue when using xterm. 

Did you actually check how it was done? The file is created using a
random name, then actually unlinked before anything is written to it.
The only way to get access to it is to use the /proc/pid/fd/ symlinks,
which you will need root permissions anyway.

While it might not be the perfect way to that, they did take care of
security, and actually nobody really gave another working solution. If
you have ideas about how to implement that, I'm sure they'll be glad to
listen to your arguments. On the vte bug reports, indeed.

Regards,
-- 
Yves-Alexis
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: This is a digitally signed message part
URL: <http://mail.xfce.org/pipermail/xfce/attachments/20120308/48b39889/attachment.pgp>


More information about the Xfce mailing list