thats true for nvidia driver and I think this should be their responsability, of course this is only my point of view...
On Thu, Aug 13, 2009 at 3:41 PM, Hans-J. Ullrich <hans.ullr...@loop.de>wrote: > Dear security team, > > since some time I watch a strange behaviour: contents of the last desktop > are > still somewhere in the RAM or videoram and are strangely not deleted, when > I > change to another windcow manager or reboot. > > Just before I start kdm or a new window manager, I see a puzzled content > from > the desktop before > > An example: when I ran XFCE, then rebooted, and want to start KDE, I see > kdm, > then the splash screen of KDE, then the contents of the XFCE-desktop, then > KDE > starts. > > The only way to get rid of this, is to completely put off all powersources > (including put off battery of the notebook) and start again. > > IMO this is strange, as this fragments of the old desktops might block > somehow > maybe, and they are of course a security hole. > > Reason? When those desktop datas are still in the memory after a reboot, > they > can of course be read by attackers. Those datas may leave unwanted > informations, for example you can see, whom I follow at twitter, who am I > myself and many other infos, which can be recognized from a desktop. > > As I told: shutting down a notebook does not delete them!!! > > A stolen notebook might show lots of unwanted informations. And besides, I > do > not know, how easy it is to get access to these datas, as they are still > there > BEFORE X starts, and BEFORE a NEW windowmanager will overwrite these datas. > > IMO this is a great security whole! A patch would be, to make sure, all > datas > from videoram are deleted, when no x-server is running any more. > > Would be nice, if someone could give some background information to this > behaviour. > > Thanks for reading this. > > Best regards > > Hans-J. Ullrich > > > > > -- > To UNSUBSCRIBE, email to debian-amd64-requ...@lists.debian.org > with a subject of "unsubscribe". Trouble? Contact > listmas...@lists.debian.org > > -- Perhaps the depth of love can be calibrated by the number of different selves that are actively involved in a given relationship. Carl Sagan (Contact) Jaime Ochoa Malagón Arquitecto de Soluciones Cel: +52 (55) 1021 0774
