Security issue with log files.

[Phil Norman]

Hi.

The 'kpcli' program (a command-line keepass-compatible password manager) allows passwords to be retrieved and copied in a terminal, by displaying them as red text on a red background. Thus, the password can be copied to the clipboard without having it displayed on the screen.

However, Terminator will happily dump the plain-text password into .terminator/logs/. This is a security risk, in particular because the default permissions on $HOME/.terminator seem to be (at least on my system) world-readable.

There are several options here:

1: Do nothing.

2: Detect cases where the foreground and background colours are identical, and switch off logging in this case.

3: Create the $HOME/.terminator/logs directory with 0700 permissions.

4: Do both [2] and [3].

Personally, I'd be in favour of option [4] here.

Cheers,

Phil

[Elliott Hughes]

#3 sounds reasonable. though note that we *do* ensure that .terminator itself is safe, every time we run. i don't know why we pass false to make_directory for log_directory on the next line. ah, because that was our supported way of disabling logging in 2008. okay, yeah, that seems obsolete now there's a checkbox in preference.

but the rest seems like kpcli is just doing it wrong... this is exactly what ESC [ 8 m is for: invisible text that can still be copy & pasted. i think it would be reasonable for us to not log text that's actually been marked as invisible.

--
You received this message because you are subscribed to the Google Groups "terminator-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to terminator-use...@googlegroups.com.
To post to this group, send email to terminat...@googlegroups.com.
Visit this group at https://groups.google.com/group/terminator-users.
To view this discussion on the web visit https://groups.google.com/d/msgid/terminator-users/CAOa8eG4%2BPu5PV8giviaqepsPSvVGJW%3DXZm7NLHcg6FfQ62bArg%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

--

Elliott Hughes - http://www.jessies.org/~enh/

[Phil Norman]

Hi.

Changing both directory creations to 'safe' mode would be good. A little playing about shows me that actually, the current code is adequate to prevent other users from sniffing through logs. However, a little more safety would not be a bad thing.

Doing some testing with manually-crafted escape sequences, I see that indeed, kpcli isn't using ESC[8m, and that if it did, Terminator would anyway not show the password. However, it still logs it.

Cat the attached file in a terminal, and then examine the log - you'll see the text still present there.

While kpcli should probably use ESC[8m, I can see why it doesn't: 'xterm' doesn't allow text which is protected by this method to be copy/pasted.

Cheers,

Phil

To view this discussion on the web visit https://groups.google.com/d/msgid/terminator-users/CANZA4Yn%2BDpSq4dMKQX19E30wiZ453gxTjjUpo_ZPA%3DmY03rO8w%40mail.gmail.com.