From owner-freebsd-security@FreeBSD.ORG  Fri Apr 22 10:20:39 2005
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 81A7F16A4E3
	for <freebsd-security@freebsd.org>;
	Fri, 22 Apr 2005 10:20:39 +0000 (GMT)
Received: from mailhost.stack.nl (vaak.stack.nl [131.155.140.140])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 7F25E43D58
	for <freebsd-security@freebsd.org>;
	Fri, 22 Apr 2005 10:20:25 +0000 (GMT)
	(envelope-from dean@dragon.stack.nl)
Received: from dragon.stack.nl (dragon.stack.nl
	[IPv6:2001:610:1108:5011:207:e9ff:fe09:230])
	(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by mailhost.stack.nl (Postfix) with ESMTP id 3D4B81F31F;
	Fri, 22 Apr 2005 12:20:24 +0200 (CEST)
Received: by dragon.stack.nl (Postfix, from userid 1600)
	id 160875F157; Fri, 22 Apr 2005 12:20:24 +0200 (CEST)
Date: Fri, 22 Apr 2005 12:20:24 +0200
From: Dean Strik <dean@stack.nl>
To: Jesper Wallin <jesper@hackunite.net>
Message-ID: <20050422102023.GA81889@dragon.stack.nl>
References: <42686A29.7090900@hackunite.net>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <42686A29.7090900@hackunite.net>
X-Editor: VIM Rulez! http://www.vim.org/
X-MUD: Outerspace - telnet://mud.stack.nl:3333
X-Really: Yes
User-Agent: Mutt/1.5.9i
X-Mailman-Approved-At: Fri, 22 Apr 2005 13:45:39 +0000
cc: freebsd-security@freebsd.org
Subject: Re: Information disclosure?
X-BeenThere: freebsd-security@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Security issues [members-only posting]
	<freebsd-security.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-security>,
	<mailto:freebsd-security-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-security>
List-Post: <mailto:freebsd-security@freebsd.org>
List-Help: <mailto:freebsd-security-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-security>,
	<mailto:freebsd-security-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 22 Apr 2005 10:20:39 -0000

Jesper Wallin wrote:
> For some reason, I thought little about the "clear" command today.. 
> Let's say a privileged user (root) logs on, edit a sensitive file (e.g, 
> a file containing a password, running vipw, etc) .. then runs clear and 
> logout. Then anyone can press the scroll-lock command, scroll back up 
> and read the sensitive information.. Isn't "clear" ment to clear the 
> backbuffer instead of printing a full screen of returns? If it does, I'm 
> not sure how that would effect a user running "clear" on a pty (telnet, 
> sshd, screen, etc) ..

vidcontrol -C ; clear

-- 
Dean C. Strik             Eindhoven University of Technology
dean@stack.nl  |  dean@ipnet6.org  |  http://www.ipnet6.org/
"This isn't right. This isn't even wrong." -- Wolfgang Pauli