Deleted tmp files' filehandles still contain contents of buffers and are on disk
Submitted by Mark Krenz
Link to original bug (#664611)
Description
I noticed today that gnome-terminal uses the unlink tmp file/but keep the file handle open technique. And of all things, it uses this for terminal buffer contents. I realize that the data has to be somewhere, but first of all this puts the data on disk and it seems pretty trivial to write a script to scrape someone's terminal buffers. I think this should be fixed so that it no longer uses tmp files on the file system for buffer data.
Steps to reproduce:
- Open a couple of gnome-terminal windows
- Run ls in one of them, find / in another, etc.
- As the same user or as root run:
find /proc/$(pgrep gnome-terminal | head -1)/fd/ -ls | grep deleted | awk '{print $(NF-3)}' | xargs cat | less -R
I tried a handful of other popular terminal software and the only other ones on Linux that I could find that has this symptom is xfce4-terminal and guake. I'm guessing that both of those projects are based in part on gnome-terminal.
Older terminals like xterm, rxvt, aterm and Eterm all use sockets and pipes I guess and probably put all the buffer in memory. Konsole seems to do things securely as well as Yakuake, which is probably based on it. Honestly, I thought this is the way all terminals did it and I never dreamed that some were storing terminal buffer contents on disk. I think a lot of people would be surprised by this. Actually, running strings on my /tmp filesystem shows quite a bit of old terminal contents. Probably part of the recommended fix would be to scrub your /tmp filesystem as well somehow.
Version: 0.31.x
Resolution: RESOLVED FIXED