Home page logo
/

bugtraq logo Bugtraq mailing list archives

Re: gnome-terminal, xfce4-terminal, terminator and others write scrollback buffer to disk
From: "Dmitry Yu. Bolkhovityanov" <D.Yu.Bolkhovityanov () inp nsk su>
Date: Fri, 9 Mar 2012 07:57:47 +0700 (NOVT)

On Tue, 6 Mar 2012, Mark Krenz wrote:

Testing and reproducing the issue:
-----------------------------------------------------------------------
 On Linux, if you want to see this behavior, you can do the following:

  1. Open one of the affected terminal emulators.
  2. Make sure its scrollback buffer is set to something like 500 or
     more so that it saves some of the scrollback.
  3. In the terminal, run:
          ls -l /proc/$PPID/fd | grep deleted
     If enough data has entered the scrollback buffer, you should start
     to see unlinked (deleted) files called /tmp/vte.*

 To see the data that has been logged to /tmp, you use a command like
 strings to view the contents of your /tmp partition.  If you have a
 seperate /tmp partition and its located on /dev/sda2, this could be done
 like this:

      strings /dev/sda2 | less

While the affected terminal is still running, it is much easier to directly read /proc/PID/fd/NNN files.

So, I suspect it can even be possible to see a "live mirror" of a running terminal session (yes, that is possible anyway via ptrace() or /proc/FD/mem, but reading well-known-formatted files is much-much-much easier).

        _________________________________________
          Dmitry Yu. Bolkhovityanov
          The Budker Institute of Nuclear Physics
          Novosibirsk, Russia


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault