From owner-freebsd-bugs Fri May 25 9:41:22 2001 Delivered-To: freebsd-bugs@freebsd.org Received: from aaz.links.ru (aaz.links.ru [193.125.152.37]) by hub.freebsd.org (Postfix) with ESMTP id 5465837B423 for ; Fri, 25 May 2001 09:41:19 -0700 (PDT) (envelope-from babolo@links.ru) Received: (from babolo@localhost) by aaz.links.ru (8.9.3/8.9.3) id UAA05321; Fri, 25 May 2001 20:43:05 +0400 (MSD) Message-Id: <200105251643.UAA05321@aaz.links.ru> Subject: Re: kern/27616: Syscons history permits peeking in the previous session output In-Reply-To: <200105250000.f4P002501947@freefall.freebsd.org> from "Dima Dorfman" at "May 24, 1 05:00:02 pm" To: dima@unixfreak.org Date: Fri, 25 May 2001 20:43:04 +0400 (MSD) Cc: freebsd-bugs@FreeBSD.ORG From: .@babolo.ru MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: owner-freebsd-bugs@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Dima Dorfman writes: > The following reply was made to PR kern/27616; it has been noted by GNATS. > > From: Dima Dorfman > To: Yar Tikhiy > Cc: freebsd-gnats-submit@FreeBSD.org > Subject: Re: kern/27616: Syscons history permits peeking in the previous session output > Date: Thu, 24 May 2001 16:54:13 -0700 > > Yar Tikhiy writes: > > On Thu, May 24, 2001 at 03:33:59PM +0100, David Malone wrote: > > > > >How-To-Repeat: > > > > > > > > Log off a FreeBSD vty, hit ScrollLock, scroll to the > > > > terminated session contents using Up or PageUp and see your > > > > decrypted love-letters, private talks etc. > > > > > > Couldn't you set the size of the scroll-back buffer to zero if this > > > upsets you or your users? (kbdcontrol -h 1 will effectively do this). > > > > First, one wouldn't like to lose the history buffer at all. > > Second, it's neither me nor my users who is upset by the issue. > > It's a general security problem, though. > > > > > Alot of terminal emulators would have this problem. > > > > A lot of operating systems are buggy crap. FreeBSD is not ;-) > > > > > (Loosing the scroll back buffer on logout would be likely to upset > > > some people 'cos it means that console log messages would be erased.) > > > > Let it be a per-vty configurable option. > > How about adding an option to kbdcontrol(1) to clear the buffer? If > the user knows they've been reading love letters, they can clear it > manually. Or if they're always reading love letters, they can stick > `kbdcontrol -c' in .logout and forget about it. This has the > fortunate sideaffects of giving the user an option of *when* to clear > it and *if* to clear it. > > Trivial patch attached. > > Thoughts? why kbdcontrol, not vidcontrol? -- @BABOLO http://links.ru/ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-bugs" in the body of the message