Date: Fri, 22 Apr 2005 14:52:00 +0300 From: Giorgos Keramidas <keramida@freebsd.org> To: Jesper Wallin <jesper@www.hackunite.net> Cc: Pat Maddox <pergesu@gmail.com> Subject: Re: Information disclosure? Message-ID: <20050422115200.GA58483@orion.daedalusnetworks.priv> In-Reply-To: <42687BDD.6000008@hackunite.net> References: <42686A29.7090900@hackunite.net> <810a540e05042120493eb79da0@mail.gmail.com> <42687BDD.6000008@hackunite.net>
next in thread | previous in thread | raw e-mail | index | archive | help
On 2005-04-22 06:21, Jesper Wallin <jesper@www.hackunite.net> wrote: >Pat Maddox wrote: >>On 4/21/05, Jesper Wallin <jesper@hackunite.net> wrote: >>>Hello, >>>For some reason, I thought little about the "clear" command today.. >>>Let's say a privileged user (root) logs on, edit a sensitive file >>>(e.g, a file containing a password, running vipw, etc) .. then runs >>>clear and logout. Then anyone can press the scroll-lock command, >>>scroll back up and read the sensitive information.. Isn't "clear" >>>ment to clear the backbuffer instead of printing a full screen of >>>returns? If it does, I'm not sure how that would effect a user >>>running "clear" on a pty (telnet, sshd, screen, etc) .. >> >>No, it's not meant to clear the buffer. If you need to clear the >>buffer, just cat a really, really long file. > > Heh, that sounds more like a ugly hack than a solution if you ask me. Who has physical access to your consoles and why? Putting "deliberate paranoia" aside for a while, you can always _force_ the syscons buffer to be cleared by toggling between a couple of different video modes: # vidcontrol 80x30 ; vidcontrol 80x25 ; clear ; logout
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20050422115200.GA58483>