Date: Fri, 22 Apr 2005 12:20:24 +0200 From: Dean Strik <dean@stack.nl> To: Jesper Wallin <jesper@hackunite.net> Cc: freebsd-security@freebsd.org Subject: Re: Information disclosure? Message-ID: <20050422102023.GA81889@dragon.stack.nl> In-Reply-To: <42686A29.7090900@hackunite.net> References: <42686A29.7090900@hackunite.net>
next in thread | previous in thread | raw e-mail | index | archive | help
Jesper Wallin wrote: > For some reason, I thought little about the "clear" command today.. > Let's say a privileged user (root) logs on, edit a sensitive file (e.g, > a file containing a password, running vipw, etc) .. then runs clear and > logout. Then anyone can press the scroll-lock command, scroll back up > and read the sensitive information.. Isn't "clear" ment to clear the > backbuffer instead of printing a full screen of returns? If it does, I'm > not sure how that would effect a user running "clear" on a pty (telnet, > sshd, screen, etc) .. vidcontrol -C ; clear -- Dean C. Strik Eindhoven University of Technology dean@stack.nl | dean@ipnet6.org | http://www.ipnet6.org/ "This isn't right. This isn't even wrong." -- Wolfgang Pauli
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20050422102023.GA81889>