Security issue in Terminal
Guido Berhoerster
gber at opensuse.org
Thu Mar 8 20:13:52 CET 2012
* Kevin Chadwick <ma1l1ists at yahoo.co.uk> [2012-03-08 19:18]:
> On Thu, 08 Mar 2012 17:36:19 +0100
> Yves-Alexis Perez wrote:
>
> > While it might not be the perfect way to do that, they did take care of
> > security, and actually nobody really gave another working solution.
>
> Do you know if they wipe the file when they delete it or hold all
> inodes used until shutdown?
It is unlinked before use and thus only accessible until the last
file descriptor is closed. "Wiping" as in trying to "overwrite" the
contents of the temporary file with random data does in no way
guarantee that the data that has been overwritten on the
filesystem level has been overwritten on the physical medium as
well; it depends on the filesystem and medium (e.g. on an SSD this
most likely won't work at all).
Considering how the original reporter is posting this now all
over the place (G+/Youtube/Reddit/Slashdot/bugtraq@/full-disclosure)
with some amount of hyperbole, it has a bad smell to it; at the
very minimum he seems to have misguided expectations regarding
security.
--
Guido Berhoerster
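
The unlink-before-use behaviour described in the reply above, as an added example that is not part of the original post and not the terminal's own code. The function names and the `/tmp/scrollback-demo-XXXXXX` template are hypothetical; the sample data is constructed.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/stat.h>

/* Create a temp file and unlink it at once; returns the fd or -1.
 * The dead name is copied to path_out so a caller can confirm it is gone. */
int open_unlinked_tmp(char *path_out, size_t len)
{
    char path[] = "/tmp/scrollback-demo-XXXXXX"; /* hypothetical template */
    int fd = mkstemp(path);        /* created exclusively, mode 0600 */
    if (fd < 0)
        return -1;
    if (unlink(path) != 0) {       /* remove the only directory entry */
        close(fd);
        return -1;
    }
    if (path_out && len > 0)
        snprintf(path_out, len, "%s", path);
    return fd;
}

/* Returns 1 if the name no longer resolves, the link count is 0,
 * and data still round-trips through the open descriptor. */
int demo_unlinked_roundtrip(void)
{
    char path[64], buf[32] = {0};
    const char msg[] = "constructed scrollback line";
    struct stat st;
    int ok = 0, fd = open_unlinked_tmp(path, sizeof path);
    if (fd < 0)
        return 0;
    if (access(path, F_OK) != 0 &&                      /* no name left */
        fstat(fd, &st) == 0 && st.st_nlink == 0 &&      /* no links left */
        write(fd, msg, sizeof msg) == (ssize_t)sizeof msg &&
        lseek(fd, 0, SEEK_SET) == 0 &&
        read(fd, buf, sizeof buf) == (ssize_t)sizeof msg &&
        strcmp(buf, msg) == 0)
        ok = 1;
    close(fd); /* last fd closed: inode and blocks are released, not erased */
    return ok;
}

int main(void)
{
    printf("round-trip: %s\n", demo_unlinked_roundtrip() ? "ok" : "failed");
    return 0;
}
```

While the descriptor is open, a process with sufficient privileges can still reach the file through `/proc/<pid>/fd/` on Linux, and closing it frees the blocks without overwriting them on the medium.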