Questions tagged [terminal]
39 questions
116 votes, 7 answers
Can "cat-ing" a file be a potential security risk?
I often use cat on the console to view the contents of files, and every now and then I accidentally cat a binary file which basically produces gibberish and system beeps. However today I've encountered a situation where the output from the cat…
Ivan Kovacevic
88 votes, 1 answer
Mac OS X terminal prompt displaying foreign hostname (or: What is Stacey's iPhone doing in my Terminal?)
I opened my Terminal today and saw this:
StaceysiPhone6s:~ jcz$
Who is Stacey?
Why is she in my Terminal?
What happened?
What should I be worried about?
How do I fix it?
Jeff
44 votes, 2 answers
How secure is "Secure Keyboard Entry" in Mac OS X's Terminal?
I've been using Terminal under Mac OS X for years but somehow missed to spot this feature:
I'm now wondering how does this actually work, and is it 100% safe? If it isn't, what technique could be used to still get the keystrokes?
Ivan Kovacevic
9 votes, 3 answers
Simple way to safely paste text from website into terminal
It's fairly well known that it's very dangerous to copy-paste text from a website into a terminal, as it can include extra text, control codes, and newlines that aren't visible when you're copying it, but which are saved into the paste buffer,…
forest
9 votes, 2 answers
What exactly does `ssh -T user@domain verify` do?
The example I'm specifically thinking of is:
ssh -T git@github.com verify
Looking at the docs (man ssh) I can see that -T is the flag to "Disable pseudo-terminal allocation", but what implications does that actually have on the verification?
Does…
Matt
6 votes, 4 answers
Why do GUI terminals allow the pasting of control characters?
Given that control characters are usually not rendered, but they are given a special meaning in most terminals, what reasons are there for terminal apps to continue to support copy-pasting of control characters?
One can mask a harmful code as…
Manishearth
5 votes, 1 answer
Is it safe to use a unix pipe to redirect sensitive output data as input to another program?
I want to make a Node.js development server use HTTPS by giving it access to the contents of a TLS certificate and private key file.
On the one hand, I don't like the idea of making the TLS private key file readable by anyone other than root. On the…
Will
5 votes, 1 answer
Using (cat $file; cat) to run a simple BOF exploit
I'm getting acquainted with Buffer Overflows (BOF) and was replicating a simple attack described by Techorganic. They create a simple C program called "classic", which contains an obvious BOF vulnerability (when it reads up to 400 bytes into an 80 byte…
Fernando Pérez
4 votes, 3 answers
What would be a secure way to handle password prompts in shell?
I have a script that a member of our L1 team will run on a Linux server (ssh'ed in - non root) that will take in their password and pass it to kinit via an embedded expect script (which ultimately talks to our authentication Kerberos KDCs) for the…
james6125
4 votes, 2 answers
Safely decrypting an unsolicited/untrusted PGP message
I am accepting public security vulnerability reports for my website, and I publish my personal PGP (GPG) key to encourage people to encrypt their communications.
Upon receiving an encrypted message, what is the best way to safely decrypt it?
The…
jamieweb
4 votes, 1 answer
Is it possible to use the Linux "echo" command maliciously?
While testing a web application today, I came across a function that passed arguments to dig in the Linux terminal. After some fiddling about I was able to pass the echo command using pipes and echo my input to the response; however, I failed to launch…
Mico
3 votes, 4 answers
Why did "terminal commands" never get a version of SQL "parameterized queries"?
I was taught horrible bad practice when I initially "learned" SQL, which baked in user-submitted input with quotes and attempted to "escape" this (in the beginning, I didn't even escape it at all...). I then had to spend many years unlearning this,…
M. Vencel
3 votes, 2 answers
how to secure terminal logs
There might be a misconception from my side on whether I should worry about this or not. But if I should, what measures should I take to secure my terminal logs / command history?
One of the things largely mentioned is to not type passwords as part of…
Paulo Phagula
3 votes, 2 answers
Good Practice to Secure Computer Terminal?
I am currently trying to set up a computer terminal from scratch at home. The use of it is basically as a terminal to connect to cloud servers hosted remotely in the internet.
I am trying my best to make it secure. Do you mind pointing out what I…
GabrielC
2 votes, 2 answers
Sign SSL certificate with root certificate using openssl
I have created a root certificate, My Root Certificate, with a private key, RSA Private Key 1, using the openssl terminal command.
I would like to make a certificate chain such as the following:
My Root Certificate
example.com, signed with RSA…
Java Is Cool