Hello. After posting the flaw with libvte's handling of the scrollback buffer (writing it to disk), there were several people who made the erroneous claim that most distributions of Linux use tmpfs now and encrypt swap and that this shouldn't be an issue.
Because these claims attempted to diminish the importance of the flaw for many, I installed most of the popular distributions of Linux as well as some of the BSDs for comparison to see what their default setup was after installation. I have found that of the 35+ distribution versions that I tested, only the latest Arch Linux puts /tmp on tmpfs by default and the only other distributions that show it as an option during installation are Mageia or PC Linux OS. So the libvte flaw indeed is a widespread problem. I've documented the results at: http://www.climagic.org/bugreports/libvte-flaw-distro-defaults-chart.html You can view the libvte bug report here: http://climagic.org/bugreports/libvte-scrollback-written-to-disk.html Extra Note: I'm not suggesting that everyone put their /tmp on tmpfs and/or start using encrypted filesystem. There are other considerations which I talk about in the document above. -- Mark S. Krenz IT Director Suso Technology Services, Inc. Sent from Mutt using Linux _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/