Bug#631925: gnome-search-tool: please document that any local user sees your search history

Timo Juhani Lindfors timo.lindfors at iki.fi
Tue Jun 28 10:46:36 UTC 2011 

Package: gnome-search-tool
Version: 2.30.0-2
Severity: minor

The "Help" in Places->Search for Files... starts by mentioning that
the search is implemented using UNIX commands find, grep and locate. A
large number of users are not familiar with these tools and thus can
not figure out the important implication: your search term history is
visible to all other users of the system through the process list!

To draw attention to this problem I quickly hacked together a program
that logs what other people are searching for using inotify:

Tue Jun 28 13:38:48 2011 lindi started a search (10726) for /home/lindi/ ( -iname *.py -o -iname .py ) ! -type p -exec grep -i -I -c secret stuff {} ; -print
Tue Jun 28 13:39:01 2011 search (11853) is reading -i -I -c secret stuff /home/lindi/debian/debian-xpra/parti-all-0.0.7.21+20110601r67/debian/tmp/usr/lib/python2.5/site-packages/wimpiggy/test.py
Tue Jun 28 13:39:03 2011 search (11993) is reading -i -I -c secret stuff /home/lindi/debian/debian-xen/xen-4.0.1/debian/xen-utils-4.0/usr/lib/xen-4.0/lib/python/xen/xm/main.py
Tue Jun 28 13:39:04 2011 search (11993) is reading -i -I -c secret stuff /home/lindi/debian/debian-xen/xen-4.0.1/debian/xen-utils-4.0/usr/lib/xen-4.0/lib/python/xen/xm/main.py
Tue Jun 28 13:39:04 2011 search (11993) is reading -i -I -c secret stuff /home/lindi/debian/debian-xen/xen-4.0.1/debian/xen-utils-4.0/usr/lib/xen-4.0/lib/python/xen/xm/main.py
Tue Jun 28 13:39:04 2011 search (11993) is reading -i -I -c secret stuff /home/lindi/debian/debian-xen/xen-4.0.1/debian/xen-utils-4.0/usr/lib/xen-4.0/lib/python/xen/xm/main.py
Tue Jun 28 13:39:04 2011 search (11993) is reading -i -I -c secret stuff /home/lindi/debian/debian-xen/xen-4.0.1/debian/xen-utils-4.0/usr/lib/xen-4.0/lib/python/xen/xm/main.py
Tue Jun 28 13:39:04 2011 search (11993) is reading -i -I -c secret stuff /home/lindi/debian/debian-xen/xen-4.0.1/debian/xen-utils-4.0/usr/lib/xen-4.0/lib/python/xen/xm/main.py
Tue Jun 28 13:39:04 2011 search (11993) is reading -i -I -c secret stuff /home/lindi/debian/debian-xen/xen-4.0.1/debian/xen-utils-4.0/usr/lib/xen-4.0/lib/python/xen/xm/main.py
Tue Jun 28 13:39:04 2011 search (11995) is reading -i -I -c secret stuff /home/lindi/debian/debian-xen/xen-4.0.1/debian/xen-utils-4.0/usr/lib/xen-4.0/lib/python/xen/xm/getlabel.py
Tue Jun 28 13:39:05 2011 search (12198) is reading -i -I -c secret stuff /home/lindi/debian/debian-xen/xen-4.0.1/debian/build/install-utils_amd64/usr/lib/xen-4.0/lib/python/xen/xm/main.py
Tue Jun 28 13:39:05 2011 search (12208) is reading -i -I -c secret stuff /home/lindi/debian/debian-xen/xen-4.0.1/debian/build/install-utils_amd64/usr/lib/xen-4.0/lib/python/xen/xend/XendDomainInfo.py
Tue Jun 28 13:39:05 2011 search (12208) is reading -i -I -c secret stuff /home/lindi/debian/debian-xen/xen-4.0.1/debian/build/install-utils_amd64/usr/lib/xen-4.0/lib/python/xen/xend/XendDomainInfo.py
Tue Jun 28 13:39:09 2011 search (12600) is reading -i -I -c secret stuff /home/lindi/debian/debian-xen/xen-4.0.1/debian/build/build-utils_amd64/tools/python/build/lib.linux-x86_64-2.5/xen/xm/setenforce.py
Tue Jun 28 13:39:09 2011 search (12600) is reading -i -I -c secret stuff /home/lindi/debian/debian-xen/xen-4.0.1/debian/build/build-utils_amd64/tools/python/build/lib.linux-x86_64-2.5/xen/xm/setenforce.py
Tue Jun 28 13:38:48 2011 lindi's search (10726) completed in 21 seconds


-------------- next part --------------
A non-text attachment was scrubbed...
Name: spy-gnome-search-tool.py
Type: text/x-python
Size: 2394 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-gnome-maintainers/attachments/20110628/a4784828/attachment-0001.py>
-------------- next part --------------


-- System Information:
Debian Release: 6.0.1
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.32-5-amd64 (SMP w/4 CPU cores)
Locale: LANG=C, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages gnome-search-tool depends on:
ii  gconf2                 2.28.1-6          GNOME configuration database syste
ii  gnome-utils-common     2.30.0-2          data files for the GNOME utilities
ii  libatk1.0-0            1.30.0-1          The ATK accessibility toolkit
ii  libc6                  2.11.2-10         Embedded GNU C Library: Shared lib
ii  libcairo2              1.8.10-6          The Cairo 2D vector graphics libra
ii  libfontconfig1         2.8.0-2.1         generic font configuration library
ii  libfreetype6           2.4.2-2.1         FreeType 2 font engine, shared lib
ii  libgconf2-4            2.28.1-6          GNOME configuration database syste
ii  libglib2.0-0           2.24.2-1          The GLib library of C routines
ii  libgtk2.0-0            2.20.1-2          The GTK+ graphical user interface 
ii  libice6                2:1.0.6-2         X11 Inter-Client Exchange library
ii  libpango1.0-0          1.28.3-1+squeeze2 Layout and rendering of internatio
ii  libsm6                 2:1.1.1-1         X11 Session Management library
ii  zlib1g                 1:1.2.3.4.dfsg-3  compression library - runtime

gnome-search-tool recommends no packages.

Versions of packages gnome-search-tool suggests:
ii  yelp                     2.30.1+webkit-1 Help browser for GNOME

-- no debconf information

More information about the pkg-gnome-maintainers mailing list