Bug#631925: gnome-search-tool: please document that any local user sees your search history
Timo Juhani Lindfors
timo.lindfors at iki.fi
Tue Jun 28 10:46:36 UTC 2011
Package: gnome-search-tool
Version: 2.30.0-2
Severity: minor
The "Help" in Places->Search for Files... starts by mentioning that
the search is implemented using UNIX commands find, grep and locate. A
large number of users are not familiar with these tools and thus can
not figure out the important implication: your search term history is
visible to all other users of the system through the process list!
To draw attention to this problem I quickly hacked together a program
that logs what other people are searching for using inotify:
Tue Jun 28 13:38:48 2011 lindi started a search (10726) for /home/lindi/ ( -iname *.py -o -iname .py ) ! -type p -exec grep -i -I -c secret stuff {} ; -print
Tue Jun 28 13:39:01 2011 search (11853) is reading -i -I -c secret stuff /home/lindi/debian/debian-xpra/parti-all-0.0.7.21+20110601r67/debian/tmp/usr/lib/python2.5/site-packages/wimpiggy/test.py
Tue Jun 28 13:39:03 2011 search (11993) is reading -i -I -c secret stuff /home/lindi/debian/debian-xen/xen-4.0.1/debian/xen-utils-4.0/usr/lib/xen-4.0/lib/python/xen/xm/main.py
Tue Jun 28 13:39:04 2011 search (11993) is reading -i -I -c secret stuff /home/lindi/debian/debian-xen/xen-4.0.1/debian/xen-utils-4.0/usr/lib/xen-4.0/lib/python/xen/xm/main.py
Tue Jun 28 13:39:04 2011 search (11993) is reading -i -I -c secret stuff /home/lindi/debian/debian-xen/xen-4.0.1/debian/xen-utils-4.0/usr/lib/xen-4.0/lib/python/xen/xm/main.py
Tue Jun 28 13:39:04 2011 search (11993) is reading -i -I -c secret stuff /home/lindi/debian/debian-xen/xen-4.0.1/debian/xen-utils-4.0/usr/lib/xen-4.0/lib/python/xen/xm/main.py
Tue Jun 28 13:39:04 2011 search (11993) is reading -i -I -c secret stuff /home/lindi/debian/debian-xen/xen-4.0.1/debian/xen-utils-4.0/usr/lib/xen-4.0/lib/python/xen/xm/main.py
Tue Jun 28 13:39:04 2011 search (11993) is reading -i -I -c secret stuff /home/lindi/debian/debian-xen/xen-4.0.1/debian/xen-utils-4.0/usr/lib/xen-4.0/lib/python/xen/xm/main.py
Tue Jun 28 13:39:04 2011 search (11993) is reading -i -I -c secret stuff /home/lindi/debian/debian-xen/xen-4.0.1/debian/xen-utils-4.0/usr/lib/xen-4.0/lib/python/xen/xm/main.py
Tue Jun 28 13:39:04 2011 search (11995) is reading -i -I -c secret stuff /home/lindi/debian/debian-xen/xen-4.0.1/debian/xen-utils-4.0/usr/lib/xen-4.0/lib/python/xen/xm/getlabel.py
Tue Jun 28 13:39:05 2011 search (12198) is reading -i -I -c secret stuff /home/lindi/debian/debian-xen/xen-4.0.1/debian/build/install-utils_amd64/usr/lib/xen-4.0/lib/python/xen/xm/main.py
Tue Jun 28 13:39:05 2011 search (12208) is reading -i -I -c secret stuff /home/lindi/debian/debian-xen/xen-4.0.1/debian/build/install-utils_amd64/usr/lib/xen-4.0/lib/python/xen/xend/XendDomainInfo.py
Tue Jun 28 13:39:05 2011 search (12208) is reading -i -I -c secret stuff /home/lindi/debian/debian-xen/xen-4.0.1/debian/build/install-utils_amd64/usr/lib/xen-4.0/lib/python/xen/xend/XendDomainInfo.py
Tue Jun 28 13:39:09 2011 search (12600) is reading -i -I -c secret stuff /home/lindi/debian/debian-xen/xen-4.0.1/debian/build/build-utils_amd64/tools/python/build/lib.linux-x86_64-2.5/xen/xm/setenforce.py
Tue Jun 28 13:39:09 2011 search (12600) is reading -i -I -c secret stuff /home/lindi/debian/debian-xen/xen-4.0.1/debian/build/build-utils_amd64/tools/python/build/lib.linux-x86_64-2.5/xen/xm/setenforce.py
Tue Jun 28 13:38:48 2011 lindi's search (10726) completed in 21 seconds
-------------- next part --------------
A non-text attachment was scrubbed...
Name: spy-gnome-search-tool.py
Type: text/x-python
Size: 2394 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-gnome-maintainers/attachments/20110628/a4784828/attachment-0001.py>
-------------- next part --------------
-- System Information:
Debian Release: 6.0.1
APT prefers stable
APT policy: (500, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 2.6.32-5-amd64 (SMP w/4 CPU cores)
Locale: LANG=C, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages gnome-search-tool depends on:
ii gconf2 2.28.1-6 GNOME configuration database syste
ii gnome-utils-common 2.30.0-2 data files for the GNOME utilities
ii libatk1.0-0 1.30.0-1 The ATK accessibility toolkit
ii libc6 2.11.2-10 Embedded GNU C Library: Shared lib
ii libcairo2 1.8.10-6 The Cairo 2D vector graphics libra
ii libfontconfig1 2.8.0-2.1 generic font configuration library
ii libfreetype6 2.4.2-2.1 FreeType 2 font engine, shared lib
ii libgconf2-4 2.28.1-6 GNOME configuration database syste
ii libglib2.0-0 2.24.2-1 The GLib library of C routines
ii libgtk2.0-0 2.20.1-2 The GTK+ graphical user interface
ii libice6 2:1.0.6-2 X11 Inter-Client Exchange library
ii libpango1.0-0 1.28.3-1+squeeze2 Layout and rendering of internatio
ii libsm6 2:1.1.1-1 X11 Session Management library
ii zlib1g 1:1.2.3.4.dfsg-3 compression library - runtime
gnome-search-tool recommends no packages.
Versions of packages gnome-search-tool suggests:
ii yelp 2.30.1+webkit-1 Help browser for GNOME
-- no debconf information
More information about the pkg-gnome-maintainers
mailing list