Date: Thu, 24 May 2001 18:15:34 +0400 (MSD)
From: yar@comp.chem.msu.su
To: FreeBSD-gnats-submit@freebsd.org
Subject: kern/27616: Syscons history permits peeking in the previous session output
Message-ID: <200105241415.f4OEFYC91388@bsd.chem.msu.ru>

>Number:         27616
>Category:       kern
>Synopsis:       Syscons history permits peeking in the previous session output
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          open
>Quarter:
>Keywords:
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Thu May 24 07:20:01 PDT 2001
>Closed-Date:
>Last-Modified:
>Originator:     Yar Tikhiy
>Release:        FreeBSD 4.3-STABLE i386
>Organization:
Moscow State University
>Environment:

	All versions

>Description:

	Although most programs avoid showing sensitive information
	like passwords, it's a bad idea in general to leave your
	session output on the screen after logging out.
	Therefore the syscons driver should clear the corresponding
	history buffer when a vty device is being closed, but
	it fails to.

	There is some code addressing the problem in the scclose()
	function, but it's ifndef'ed out, and its status is rather
	unclear.

>How-To-Repeat:

	Log off a FreeBSD vty, hit ScrollLock, scroll to the terminated
	session contents using Up or PageUp and see your decrypted
	love-letters, private talks etc.

>Fix:
>Release-Note:
>Audit-Trail:
>Unformatted:
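
The behaviour described in the report, as a small C model added here; it is not syscons code and not part of the original message. The ring buffer, struct vty_hist and the hist_* functions are hypothetical names, and the sample strings are constructed.

```c
/* Simplified model of a per-terminal scrollback ring. Not syscons code:
 * struct vty_hist and every hist_* name are hypothetical. */
#include <string.h>

#define HIST_LINES 8
#define HIST_COLS  80
struct vty_hist {
    char line[HIST_LINES][HIST_COLS];
    unsigned head;   /* next slot to write */
    unsigned count;  /* number of valid lines, at most HIST_LINES */
};

/* Append one line of session output to the ring. */
void hist_put(struct vty_hist *h, const char *s)
{
    strncpy(h->line[h->head], s, HIST_COLS - 1);
    h->line[h->head][HIST_COLS - 1] = '\0';
    h->head = (h->head + 1) % HIST_LINES;
    if (h->count < HIST_LINES)
        h->count++;
}

/* Scroll back n lines (1 = most recent); NULL if no such line exists. */
const char *hist_back(const struct vty_hist *h, unsigned n)
{
    if (n == 0 || n > h->count)
        return NULL;
    return h->line[(h->head + HIST_LINES - n) % HIST_LINES];
}

/* Close that leaves the history alone: the behaviour the report describes. */
void hist_close_keep(struct vty_hist *h) { (void)h; }

/* Close that wipes the stored text and resets the indices. The volatile
 * pointer keeps the compiler from dropping the stores as dead writes. */
void hist_close_wipe(struct vty_hist *h)
{
    volatile unsigned char *p = (volatile unsigned char *)h;
    for (size_t i = 0; i < sizeof(*h); i++)
        p[i] = 0;
}

/* Returns 1 if the next session can still scroll back to the old output. */
int leaks_after_close(void (*close_fn)(struct vty_hist *))
{
    struct vty_hist h = {0};
    hist_put(&h, "user1$ cat letter.txt");  /* constructed sample output */
    close_fn(&h);                           /* first user logs out */
    hist_put(&h, "login: ");                /* prompt for the next user */
    return hist_back(&h, 2) != NULL;
}
```

With hist_close_keep the previous session's line is still reachable by scrolling back past the login prompt; with hist_close_wipe the scrollback starts empty for the next user.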
