Date: Thu, 24 May 2001 17:00:02 -0700 (PDT) From: Dima Dorfman <dima@unixfreak.org> To: freebsd-bugs@FreeBSD.org Subject: Re: kern/27616: Syscons history permits peeking in the previous session output Message-ID: <200105250000.f4P002501947@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
The following reply was made to PR kern/27616; it has been noted by GNATS. From: Dima Dorfman <dima@unixfreak.org> To: Yar Tikhiy <yar@freebsd.org> Cc: freebsd-gnats-submit@FreeBSD.org Subject: Re: kern/27616: Syscons history permits peeking in the previous session output Date: Thu, 24 May 2001 16:54:13 -0700 Yar Tikhiy <yar@freebsd.org> writes: > On Thu, May 24, 2001 at 03:33:59PM +0100, David Malone wrote: > > > >How-To-Repeat: > > > > > > Log off a FreeBSD vty, hit ScrollLock, scroll to the > > > terminated session contents using Up or PageUp and see your > > > decrypted love-letters, private talks etc. > > > > Couldn't you set the size of the scroll-back buffer to zero if this > > upsets you or your users? (kbdcontrol -h 1 will effectively do this). > > First, one wouldn't like to lose the history buffer at all. > Second, it's neither me nor my users who is upset by the issue. > It's a general security problem, though. > > > Alot of terminal emulators would have this problem. > > A lot of operating systems are buggy crap. FreeBSD is not ;-) > > > (Loosing the scroll back buffer on logout would be likely to upset > > some people 'cos it means that console log messages would be erased.) > > Let it be a per-vty configurable option. How about adding an option to kbdcontrol(1) to clear the buffer? If the user knows they've been reading love letters, they can clear it manually. Or if they're always reading love letters, they can stick `kbdcontrol -c' in .logout and forget about it. This has the fortunate sideaffects of giving the user an option of *when* to clear it and *if* to clear it. Trivial patch attached. Thoughts? To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-bugs" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200105250000.f4P002501947>