Date: Fri, 25 May 2001 20:43:04 +0400 (MSD) From: .@babolo.ru To: dima@unixfreak.org Cc: freebsd-bugs@FreeBSD.ORG Subject: Re: kern/27616: Syscons history permits peeking in the previous session output Message-ID: <200105251643.UAA05321@aaz.links.ru> In-Reply-To: <200105250000.f4P002501947@freefall.freebsd.org> from "Dima Dorfman" at "May 24, 1 05:00:02 pm"
next in thread | previous in thread | raw e-mail | index | archive | help
Dima Dorfman writes: > The following reply was made to PR kern/27616; it has been noted by GNATS. > > From: Dima Dorfman <dima@unixfreak.org> > To: Yar Tikhiy <yar@freebsd.org> > Cc: freebsd-gnats-submit@FreeBSD.org > Subject: Re: kern/27616: Syscons history permits peeking in the previous session output > Date: Thu, 24 May 2001 16:54:13 -0700 > > Yar Tikhiy <yar@freebsd.org> writes: > > On Thu, May 24, 2001 at 03:33:59PM +0100, David Malone wrote: > > > > >How-To-Repeat: > > > > > > > > Log off a FreeBSD vty, hit ScrollLock, scroll to the > > > > terminated session contents using Up or PageUp and see your > > > > decrypted love-letters, private talks etc. > > > > > > Couldn't you set the size of the scroll-back buffer to zero if this > > > upsets you or your users? (kbdcontrol -h 1 will effectively do this). > > > > First, one wouldn't like to lose the history buffer at all. > > Second, it's neither me nor my users who is upset by the issue. > > It's a general security problem, though. > > > > > Alot of terminal emulators would have this problem. > > > > A lot of operating systems are buggy crap. FreeBSD is not ;-) > > > > > (Loosing the scroll back buffer on logout would be likely to upset > > > some people 'cos it means that console log messages would be erased.) > > > > Let it be a per-vty configurable option. > > How about adding an option to kbdcontrol(1) to clear the buffer? If > the user knows they've been reading love letters, they can clear it > manually. Or if they're always reading love letters, they can stick > `kbdcontrol -c' in .logout and forget about it. This has the > fortunate sideaffects of giving the user an option of *when* to clear > it and *if* to clear it. > > Trivial patch attached. > > Thoughts? why kbdcontrol, not vidcontrol? -- @BABOLO http://links.ru/ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-bugs" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200105251643.UAA05321>