Questions tagged [terminal]

39 questions
116 votes, 7 answers

Can "cat-ing" a file be a potential security risk?

I often use cat on the console to view the contents of files, and every now and then I accidentally cat a binary file which basically produces gibberish and system beeps. However today I've encountered a situation where the output from the cat…
Ivan Kovacevic
88 votes, 1 answer

Mac OS X terminal prompt displaying foreign hostname (or: What is Stacey's iPhone doing in my Terminal?)

I opened my Terminal today and saw this: `StaceysiPhone6s:~ jcz$` Who is Stacey? Why is she in my Terminal? What happened? What should I be worried about? How do I fix it?
Jeff
44 votes, 2 answers

How secure is "Secure Keyboard Entry" in Mac OS X's Terminal?

I've been using Terminal under Mac OS X for years but somehow missed to spot this feature: I'm now wondering how does this actually work, and is it 100% safe? If it isn't, what technique could be used to still get the keystrokes?
Ivan Kovacevic
9 votes, 3 answers

Simple way to safely paste text from website into terminal

It's fairly well known that it's very dangerous to copy-paste text from a website into a terminal, as it can include extra text, control codes, and newlines that aren't visible when you're copying it, but which are saved into the paste buffer,…
forest
9 votes, 2 answers

What exactly does `ssh -T user@domain verify` do?

The example I'm specifically thinking of is: `ssh -T git@github.com verify` Looking at the docs (`man ssh`) I can see that `-T` is the flag to "Disable pseudo-terminal allocation", but what implications does that actually have on the verification? Does…
Matt
6 votes, 4 answers

Why do GUI terminals allow the pasting of control characters?

Given that control characters are usually not rendered, but they are given a special meaning in most terminals, what reasons are there for terminal apps to continue to support copy-pasting of control characters? One can mask a harmful code as…
Manishearth
5 votes, 1 answer

Is it safe to use a unix pipe to redirect sensitive output data as input to another program?

I want to make a Node.js development server use HTTPS by giving it access to the contents of a TLS certificate and private key file. On the one hand, I don't like the idea of making the TLS private key file readable by anyone other than root. On the…
Will
5 votes, 1 answer

Using (cat $file; cat) to run a simple BOF exploit

I'm getting acquainted with Buffer Overflows (BOF) and was replicating a simple attack described by Techorganic. They create a simple C program called "classic", which contains an obvious BOF vulnerability (when it reads up to 400 bytes into an 80byte…
4 votes, 3 answers

What would be a secure way to handle password prompts in shell?

I have a script that a member of our L1 team will run on a linux server (ssh'ed in - non root) that will take in their password and pass it to kinit via an embedded expect script (which ultimately talks to our authentication Kerberos KDCs) for the…
james6125
4 votes, 2 answers

Safely decrypting an unsolicited/untrusted PGP message

I am accepting public security vulnerability reports for my website, and I publish my personal PGP (GPG) key to encourage people to encrypt their communications. Upon receiving an encrypted message, what is the best way to safely decrypt it? The…
jamieweb
4 votes, 1 answer

Is it possible to use the Linux "echo" command maliciously?

While testing a web application today, I came across a function that passed arguments to dig in linux terminal. After some fiddling about I was able to pass the echo command using pipes and echo my input to the response however I failed to launch…
Mico
3 votes, 4 answers

Why did "terminal commands" never get a version of SQL "parameterized queries"?

I was taught horrible bad practice when I initially "learned" SQL, which baked in user-submitted input with quotes and attempted to "escape" this (in the beginning, I didn't even escape it at all...). I then had to spend many years unlearning this,…
M. Vencel
3 votes, 2 answers

how to secure terminal logs

There might be a misconception from my side on whether I should worry about this or not. But if I should, what measures should I take to secure my terminal logs / command history? One of the things largely mentioned is to not type passwords as part of…
3 votes, 2 answers

Good Practice to Secure Computer Terminal?

I am currently trying to set up a computer terminal from scratch at home. The use of it is basically as a terminal to connect to cloud servers hosted remotely in the internet. I am trying my best to make it secure. Do you mind pointing out what I…
GabrielC
2 votes, 2 answers

Sign SSL certificate with root certificate using openssl

I have created a root certificate, My Root Certificate, with a private key, RSA Private Key 1, using the openssl terminal command. I would like to make a certificate chain such as the following: My Root Certificate example.com, signed with RSA…
Java Is Cool