Highest Voted 'terminal' Questions - IT Security Stack Exchange

116

votes

7 answers

Can "cat-ing" a file be a potential security risk?

I often use cat on the console to view the contents of files, and every now and then I accidentally cat a binary file which basically produces gibberish and system beeps. However today I've encountered a situation where the output from the cat…

asked Apr 22 '14 at 02:29

Ivan Kovacevic

2,099
5
19
21

88

votes

1 answer

Mac OS X terminal prompt displaying foreign hostname (or: What is Stacey's iPhone doing in my Terminal?)

I opened my Terminal today and saw this: StaceysiPhone6s:~ jcz$ Who is Stacey? Why is she in my Terminal? What happened? What should I be worried about? How do I fix it?

macos terminal

asked May 01 '17 at 15:42

Jeff

943
1
6
9

44

votes

2 answers

How secure is "Secure Keyboard Entry" in Mac OS X's Terminal?

I've been using Terminal under Mac OS X for years but somehow missed to spot this feature: I'm now wondering how does this actually work, and is it 100% safe? If it isn't, what technique could be used to still get the keystrokes?

macos keyloggers terminal

asked Dec 28 '13 at 16:39

Ivan Kovacevic

2,099
5
19
21

9

votes

3 answers

Simple way to safely paste text from website into terminal

It's fairly well known that it's very dangerous to copy-paste text from a website into a terminal, as it can include extra text, control codes, and newlines that aren't visible when you're copying it, but which are saved into the paste buffer,…

web-browser terminal

asked May 21 '21 at 22:12

forest

64,616
20
206
257

9

votes

2 answers

What exactly does `ssh -T user@domain verify` do?

The example I'm specifically thinking of is: ssh -T git@github.com verify Looking at the docs (man ssh) I can see that -T is the flag to "Disable pseudo-terminal allocation", but what implications does that actually have on the verification? Does…

public-key-infrastructure ssh terminal

asked Dec 12 '15 at 13:33

Matt

225
2
5

6

votes

4 answers

Why do GUI terminals allow the pasting of control characters?

Given that control characters are usually not rendered, but they are given a special meaning in most terminals, what reasons are there for terminal apps to continue to support copy-pasting of control characters? One can mask a harmful code as…

terminal

asked Feb 07 '14 at 08:50

Manishearth

8,237
5
34
56

5

votes

1 answer

Is it safe to use a unix pipe to redirect sensitive output data as input to another program?

I want to make a Node.js development server use HTTPS by giving it access to the contents of a TLS certificate and private key file. On the one hand, I don't like the idea of making the TLS private key file readable by anyone other than root. On the…

linux permissions unix sudo terminal

asked Jan 27 '19 at 02:59

Will

188
7

5

votes

1 answer

Using (cat $file; cat) to run a simple BOF exploit

Im getting acquainted with Buffer Overflows (BOF) and was replicating a simple attack described by Techorganic. They create a simple C program called "classic", which contains an obvious BOF vulnerability (when it reads up to 400bytes into an 80byte…

buffer-overflow exploit-development terminal

asked Apr 06 '17 at 14:18

Fernando Pérez

133
2
7

4

votes

3 answers

What would be a secure way to handle password prompts in shell?

I have a script that a member of our L1 team will run on a linux server (ssh'ed in - non root) that will take in their password and pass it to kinit via an embedded expect script (which ultimately talks to our authentication Kerberos KDCs) for the…

passwords terminal

asked Apr 04 '18 at 17:21

james6125

211
1
8

4

votes

2 answers

Safely decrypting an unsolicited/untrusted PGP message

I am accepting public security vulnerability reports for my website, and I publish my personal PGP (GPG) key to encourage people to encrypt their communications. Upon receiving an encrypted message, what is the best way to safely decrypt it? The…

pgp gnupg bash terminal

asked Feb 16 '18 at 23:26

jamieweb

425
1
3
10

4

votes

1 answer

Is it possible to use the Linux "echo" command maliciously?

While testing a web application today, I came across a function that passed arguments to dig in linux terminal. After some fiddling about I was able to pass the echo command using pipes and echo my input to the response however I failed to launch…

linux shellcode terminal

asked May 02 '16 at 10:52

Mico

377
3
16

3

votes

4 answers

Why did "terminal commands" never get a version of SQL "parameterized queries"?

I was taught horrible bad practice when I initially "learned" SQL, which baked in user-submitted input with quotes and attempted to "escape" this (in the beginning, I didn't even escape it at all...). I then had to spend many years unlearning this,…

windows linux terminal escape cross-platform

asked Jul 20 '20 at 21:38

M. Vencel

31
1

3

votes

2 answers

how to secure terminal logs

There might be a misconception from my side on wether I should worry about this or not. But if I should, what measures should I take to secure my terminal logs / command history? One of things largely mentioned is to not type passwords as part of…

terminal

asked Nov 16 '17 at 23:37

Paulo Phagula

133
3

3

votes

2 answers

Good Practice to Secure Computer Terminal?

I am currently trying to set up a computer terminal from scratch at home. The use of it is basically as a terminal to connect to cloud servers hosted remotely in the internet. I am trying my best to make it secure. Do you mind pointing out what I…

defense terminal

asked Aug 03 '16 at 09:19

GabrielC

131
2

2

votes

2 answers

Sign SSL certificate with root certificate using openssl

I have created a root certificate, My Root Certificate, with a private key, RSA Private Key 1, using the openssl terminal command. I would like to make a certificate chain such as the following: My Root Certificate example.com, signed with RSA…

tls openssl rsa terminal

asked Nov 20 '14 at 04:02

Java Is Cool

165
2
10

Questions tagged [terminal]