WARNING: gnome terminal, xfce terminal, terminator write scrollback buffer to disk

climagic · 25 videos

Published on Mar 6, 2012

This video demonstrates how to view information that was seen in the scrollback buffer from terminals that use the VTE library.

You can see the full report on this problem at:
http://www.climagic.org/bugreports/li...

Those of you who keep saying that this isn't a problem because you think distributions encrypt swap or /tmp by default should check this out; it shows the opposite of what you think, that almost none of them do:
http://www.climagic.org/bugreports/li...


More information about climagic can be found at: http://www.climagic.org/
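The description and the comment thread below argue over two facts that decide whether a scrollback file written under /tmp can survive on disk: whether /tmp is RAM-backed on a given distribution, and whether swap exists so that even RAM-backed pages can be paged out. The following audit script is an added example, not code from the video, from the climagic report or from the VTE project; it assumes, as the thread does, that the scrollback file lands under /tmp, and it reads mount and swap tables in the /proc/mounts and /proc/swaps formats so it can be run against constructed samples as well as the live host. It reports only where such a file could end up; it does not touch any terminal's files.

```shell
#!/bin/sh
# Added audit script (not the video's, the report's, or VTE's code).
# It answers the two questions argued over in the thread for a given host:
#   1. Is /tmp (where the thread says the VTE scrollback file lands) on a
#      volatile filesystem, or on a real disk as in the video's /dev/sdb1 setup?
#   2. Is there swap, through which even tmpfs pages can reach the disk?
# Input is /proc/mounts- and /proc/swaps-formatted text, so the functions
# work on the constructed samples below as well as on the live /proc files.

# Print the filesystem type of the mount that backs path $2, using the mount
# table text in $1 (fields: device mountpoint fstype options dump pass).
# The longest matching mount point wins; on a tie the later line wins,
# which mirrors how a later mount shadows an earlier one on the same point.
fstype_for_path() {
  printf '%s\n' "$1" | awk -v p="$2" '
    BEGIN { best_len = -1 }
    NF >= 3 {
      m = $2
      if (m == "/" || p == m || index(p, m "/") == 1) {
        if (length(m) >= best_len) { best_len = length(m); best = $3 }
      }
    }
    END { print best }'
}

# Print "device type" for every active swap area in the /proc/swaps text $1
# (the first line of that file is a header and is skipped).
swap_backing() {
  printf '%s\n' "$1" | awk 'NR > 1 && NF >= 2 { print $1, $2 }'
}

# Classify where a file written under /tmp can end up:
#   DISK  /tmp is a persistent filesystem, so the file itself is on disk
#   SWAP  /tmp is RAM-backed but swap exists, so its pages can be paged out
#         (whether that swap is encrypted is a separate check, e.g. dmsetup table)
#   RAM   /tmp is RAM-backed and there is no swap
scrollback_risk() {
  fs=$(fstype_for_path "$1" /tmp)
  case "$fs" in
    tmpfs|ramfs) ;;
    *) echo DISK; return 0 ;;
  esac
  if [ -n "$(swap_backing "$2")" ]; then
    echo SWAP
  else
    echo RAM
  fi
}

# Constructed samples (not captured from any real machine).
SAMPLE_MOUNTS_DISK='/dev/sda1 / ext4 rw,relatime 0 0
tmpfs /run tmpfs rw,nosuid 0 0
/dev/sdb1 /tmp ext4 rw,relatime 0 0'
SAMPLE_MOUNTS_TMPFS='/dev/sda1 / ext4 rw,relatime 0 0
tmpfs /tmp tmpfs rw,nosuid,nodev 0 0'
SAMPLE_SWAPS='Filename Type Size Used Priority
/dev/sda5 partition 8388604 0 -2'
SAMPLE_NO_SWAPS='Filename Type Size Used Priority'

echo "disk /tmp, swap on:   $(scrollback_risk "$SAMPLE_MOUNTS_DISK" "$SAMPLE_SWAPS")"
echo "tmpfs /tmp, swap on:  $(scrollback_risk "$SAMPLE_MOUNTS_TMPFS" "$SAMPLE_SWAPS")"
echo "tmpfs /tmp, no swap:  $(scrollback_risk "$SAMPLE_MOUNTS_TMPFS" "$SAMPLE_NO_SWAPS")"

# Live check, when /proc is available on this host.
if [ -r /proc/mounts ] && [ -r /proc/swaps ]; then
  echo "this host:            $(scrollback_risk "$(cat /proc/mounts)" "$(cat /proc/swaps)")"
fi
```

A DISK verdict is the situation the video demonstrates; a SWAP verdict is the case Jonathan Dowland raises in the comments, where a tmpfs /tmp alone does not keep the data off the disk unless swap is absent or encrypted.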


Uploader Comments (climagic)

  • Ramin Honary

    Why is your "/dev/sdb1" mounted to "/tmp"? Most Linux systems mount the "tmpfs" RAM disk to /tmp, so any files stored there are in memory only, not stored to disk. Unless memory pages comprising "tmpfs" are swapped to disk, then none of this data should ever touch your hard disk.

  • climagic

    Actually, the research I'm doing right now shows that most major distributions in fact DO NOT mount /tmp using tmpfs. This seems to be a common misconception. Sure, you can do it after you install, but how many people really do that? I mounted it specifically to /dev/sdb1 in this video for the demonstration. I'll release the results in the next few days.

    in reply to Ramin Honary
  • Forge64

    What dists are you seeing that in? I've checked RHEL, Scientific, Debian, Gentoo here, all of them have /tmp on TMPFS.

    in reply to climagic
  • climagic

    This is simply not true. I did research into this and the results are at the URL posted in the description.

    in reply to Forge64
  • naranha2k9

    This is immensely exaggerated. I don't think it's a security issue as long as no other user except root can access the data at runtime. It's normal that sensitive information is stored on disk: SSH keys (with which you can access the history on a server as well), passwords etc. The only improvement that could be made is storing the buffer in the user dir. After all, scrollbacks can get rather big and I do not want to have it in RAM.

  • climagic

    No, it's not being exaggerated. I understand that people may not understand why this is a problem, which is actually why I made this video in addition to the report. Many people expect that scrollback data never hits the disk. Why? Because until konsole and gnome-terminal did it recently, none did write this info to disk. At least of the many that It's a pretty reasonable expectation. And since many people have that expectation, they should know about this flaw.

    in reply to naranha2k9

All Comments (33)

  • 4mountainslars

    Actually that is stored in ~/.bash_history, and it's expected behaviour.

    This video is not about the commands, but about the output of the commands that gets stored on disk while it should not be.

    in reply to LTDanno360
  • LTDanno360

    Wow, this should be named Day 0 Terminal Vulnerability. I often wondered where the data was stored, for instance when you can hit the up arrow and see all the commands you used ... Nice find, man.

  • Pepsifx357

    Arch Linux...tmpfs -> /tmp

    I know, I've had to increase it a few times. In one instance, I had to map it to a file on the hard drive to get a program installed. I only have 2GB of ram and the program needed just that.

    I can only speak for Arch though.

    in reply to climagic
  • TheMastodonHQ

    @RaminHAL9001 I'm not sure about the newer ones but 10.04 and 10.10 to my knowledge didn't use tmpfs.

  • Ramin Honary

    Well I'll wait to see the video of your research, but every distribution I have used mount tmpfs or some equivalent to /tmp, including Fedora, Debian, Ubuntu, and Gentoo -- unless this has changed recently?

    But I think the more important point is, this isn't a vulnerability with libvte. A LOT of software makes the assumption that /tmp is volatile memory. Just make sure you don't mount a physical disk to /tmp, and disable swapping if you are concerned your hard disk could be stolen.

    in reply to climagic
  • Jonathan Dowland

    even if tmpfs on /tmp was prevalent this would be an issue of note, as the whole song and dance to avoid swapping by writing to disc in the first place would be moot.

    in reply to climagic