You are not logged in.

#1 2010-03-02 21:37:41

pseudonomous
Member
Registered: 2008-04-23
Posts: 349

security issues related to posting Xorg core dumps on the internet?

Hi Everybody,

I forced a cored dump of Xorg in an attempt to try and trace down a bug that I suspect affects the xf86-video-intel driver, I'd like to post it online so I can link to it from the freedesktop.org bug-tracker, but I'm a little concerned whether anyone could recover anything I wouldn't want them to be able to know from the Xserver.

For example, if I was running keychain in some terminal emulators, would they be able to get my ssh key passphrase?   Are there other things like this I should be concerned about?

Or are things like this so hard to reverse enginerring from just an Xserver core dump that I shouldn't worry?

Thanks in advance for your time in replying, I did google a bit but all I could find was stuff on the security implications of enabling core dumps, not on posting the to the web.

Offline

#2 2010-03-02 22:51:58

ataraxia
Member
From: Pittsburgh
Registered: 2007-05-06
Posts: 1,553

Re: security issues related to posting Xorg core dumps on the internet?

Since X doesn't have your passphrase, it can't put it into any core dumps. About the only private data X has inside it that I can think of it the xauth key, but that changes every time you restart X, so it's already expired anyway.

You can always try running "strings" on the core dump and looking for anything bad.

Offline

#3 2010-03-03 02:38:11

pseudonomous
Member
Registered: 2008-04-23
Posts: 349

Re: security issues related to posting Xorg core dumps on the internet?

Thanks, I tried a pass with strings, but there's just so much data, I'll probably just give up and post it.

Offline

Board footer

Powered by FluxBB