by draven
526 days ago
A vuln every 7-8 years is "a string of unique and extremely bad vulns"? I use iTerm2, mostly because that's what I'm used to: I installed it on my first Mac years ago when Terminal.app was really bad. I'm willing to switch to another terminal, but I don't see yet how iTerm2 is so much worse than the competition security-wise. (I also don't understand the general animosity towards an open-source project with one developer doing all the work for 15 years.)
Here’s another: https://www.bleepingcomputer.com/news/security/iterm2-patche...
And another: https://www.cvedetails.com/cve/CVE-2019-19022/
Point being: it’s not hard to see what I’m talking about if you look up previous vulnerabilities in iTerm2, particularly around its sophisticated integration features. (I suppose I talk about this enough that it might be worth compiling all the history I’m aware of somewhere; I don’t want to sound like I’m just making this up.)
It’s also notable that iTerm was found vulnerable to the same bug discovered recently in Ghostty: https://threatintelligencelab.com/blog/cve-2024-38396-a-crit...
> I also don't understand the general animosity towards an open-source project with one developer doing all the work for 15 years
I have nothing against George Nachman and iTerm2 is certainly an achievement, one that I probably couldn’t replicate myself. Nonetheless I feel the need to hold my terminal emulator to higher standards because it processes sensitive data and untrusted input with (inherently) poor isolation between the two. Until Ghostty I used Terminal.app for many years, having previously switched away from iTerm2 after the vulnerability discovered in 2017. That’s still what I recommend to people because it has a much smaller feature set and thus attack surface compared to iTerm.