Impact
Ghostty leaks file descriptors (notably the pty) to the running command. This allows the shell and any of its child processes to potentially impact other Ghostty terminal instances.
Most of the leaked file descriptors are harmless, but notably the pty fds of every previous pty are leaked to every subsequent pty (so as you open new tabs, splits, etc. in Ghostty, each new surface receives more and more fds). These file descriptors can be used to influence the other pty sessions.
A PoC was created which showed that you could, in theory, use this to steal something like a sudo password, but the exact scenario required to make it happen seems impractical outside of a synthetic environment (you need to know the fd number, you need to know sudo is open, you need to read at the right time, any spurious reads break the other terminal before you can steal data, etc.).
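The general POSIX mechanism behind this kind of leak, as an added example (not Ghostty's code and not a description of how the linked pull request fixes it): a descriptor reaches a spawned command only if it lacks `FD_CLOEXEC` and the spawner does not close it before exec. The names `CHILD_AUDIT`, `inherited_fds` and `audit_spawn` are hypothetical, and the pty opened in the demo is a constructed stand-in for an earlier tab's pty.

```python
import json
import os
import subprocess
import sys

# Runs inside the spawned command: list every descriptor above stderr that
# is still open after exec. A correctly spawned shell should report none
# that belong to the terminal emulator.
CHILD_AUDIT = """
import json, os
found = []
for fd in range(3, 1024):
    try:
        os.fstat(fd)
    except OSError:
        continue
    found.append(fd)
print(json.dumps(found))
"""


def inherited_fds(close_fds):
    """Spawn a child and return the set of descriptors (>2) it inherited."""
    result = subprocess.run(
        [sys.executable, "-c", CHILD_AUDIT],
        close_fds=close_fds, capture_output=True, text=True, check=True,
    )
    return set(json.loads(result.stdout))


def audit_spawn(fd, cloexec, close_fds=False):
    """Report whether `fd` reaches a child for a given spawn configuration."""
    os.set_inheritable(fd, not cloexec)  # inheritable=False sets FD_CLOEXEC
    return fd in inherited_fds(close_fds)


if __name__ == "__main__":
    # Constructed scenario: `master` stands in for the pty of an earlier tab.
    master, slave = os.openpty()
    print("no FD_CLOEXEC, fds left open:", audit_spawn(master, cloexec=False))
    print("FD_CLOEXEC set on the fd    :", audit_spawn(master, cloexec=True))
    print("spawner closes all fds > 2  :",
          audit_spawn(master, cloexec=False, close_fds=True))
    os.close(master)
    os.close(slave)
```

Running the `CHILD_AUDIT` loop from a shell inside a terminal emulator is a quick way to see which descriptors that shell actually inherited.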
Patches
The issue has been patched in Ghostty 1.1.0, via the pull request linked below:
#5341
Workarounds
There are no known workarounds in impacted Ghostty versions.