Security hole: unsecure and strange behaviour of xorg
Dear security team,
since some time I watch a strange behaviour: contents of the last desktop are
still somewhere in the RAM or videoram and are strangely not deleted, when I
change to another windcow manager or reboot.
Just before I start kdm or a new window manager, I see a puzzled content from
the desktop before
An example: when I ran XFCE, then rebooted, and want to start KDE, I see kdm,
then the splash screen of KDE, then the contents of the XFCE-desktop, then KDE
starts.
The only way to get rid of this, is to completely put off all powersources
(including put off battery of the notebook) and start again.
IMO this is strange, as this fragments of the old desktops might block somehow
maybe, and they are of course a security hole.
Reason? When those desktop datas are still in the memory after a reboot, they
can of course be read by attackers. Those datas may leave unwanted
informations, for example you can see, whom I follow at twitter, who am I
myself and many other infos, which can be recognized from a desktop.
As I told: shutting down a notebook does not delete them!!!
A stolen notebook might show lots of unwanted informations. And besides, I do
not know, how easy it is to get access to these datas, as they are still there
BEFORE X starts, and BEFORE a NEW windowmanager will overwrite these datas.
IMO this is a great security whole! A patch would be, to make sure, all datas
from videoram are deleted, when no x-server is running any more.
Would be nice, if someone could give some background information to this
behaviour.
Thanks for reading this.
Best regards
Hans-J. Ullrich
Reply to: