From owner-freebsd-security@FreeBSD.ORG Fri Apr 22 04:21:57 2005 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 6983116A4CE for ; Fri, 22 Apr 2005 04:21:57 +0000 (GMT) Received: from mxfep02.bredband.com (mxfep02.bredband.com [195.54.107.73]) by mx1.FreeBSD.org (Postfix) with ESMTP id 1F49A43D41 for ; Fri, 22 Apr 2005 04:21:56 +0000 (GMT) (envelope-from jesper@hackunite.net) Received: from mail.hackunite.net ([213.112.198.142] [213.112.198.142]) by mxfep02.bredband.com with ESMTP <20050422042155.QYBR3591.mxfep02.bredband.com@mail.hackunite.net>; Fri, 22 Apr 2005 06:21:55 +0200 Received: from [213.112.198.205] (c-cdc670d5.022-45-6f72652.cust.bredbandsbolaget.se [213.112.198.205]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by mail.hackunite.net (Postfix) with ESMTP id EDAEF60D7; Fri, 22 Apr 2005 06:21:53 +0200 (CEST) Message-ID: <42687BDD.6000008@hackunite.net> Date: Fri, 22 Apr 2005 06:21:49 +0200 From: Jesper Wallin User-Agent: Mozilla Thunderbird 1.0.2 (Windows/20050317) X-Accept-Language: en-us, en MIME-Version: 1.0 To: Pat Maddox References: <42686A29.7090900@hackunite.net> <810a540e05042120493eb79da0@mail.gmail.com> In-Reply-To: <810a540e05042120493eb79da0@mail.gmail.com> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit X-Virus-Scanned: by amavisd-new at mail.hackunite.net cc: freebsd-security@freebsd.org Subject: Re: Information disclosure? X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list Reply-To: jesper@hackunite.net List-Id: Security issues [members-only posting] List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 22 Apr 2005 04:21:57 -0000 Heh, that sounds more like a ugly hack than a solution if you ask me. Pat Maddox wrote: >No, it's not meant to clear the buffer. If you need to clear the >buffer, just cat a really, really long file. > > > >On 4/21/05, Jesper Wallin wrote: > > >>Hello, >> >>For some reason, I thought little about the "clear" command today.. >>Let's say a privileged user (root) logs on, edit a sensitive file (e.g, >>a file containing a password, running vipw, etc) .. then runs clear and >>logout. Then anyone can press the scroll-lock command, scroll back up >>and read the sensitive information.. Isn't "clear" ment to clear the >>backbuffer instead of printing a full screen of returns? If it does, I'm >>not sure how that would effect a user running "clear" on a pty (telnet, >>sshd, screen, etc) .. >> >>Best regards, >>Jesper Wallin >> >>_______________________________________________ >>freebsd-security@freebsd.org mailing list >>http://lists.freebsd.org/mailman/listinfo/freebsd-security >>To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org" >> >> >> >_______________________________________________ >freebsd-security@freebsd.org mailing list >http://lists.freebsd.org/mailman/listinfo/freebsd-security >To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org" > >