Date: Thu, 21 Apr 2005 21:49:58 -0600 From: Pat Maddox <pergesu@gmail.com> To: freebsd-security@freebsd.org Subject: Re: Information disclosure? Message-ID: <810a540e05042120493eb79da0@mail.gmail.com> In-Reply-To: <42686A29.7090900@hackunite.net> References: <42686A29.7090900@hackunite.net>
next in thread | previous in thread | raw e-mail | index | archive | help
No, it's not meant to clear the buffer. If you need to clear the buffer, just cat a really, really long file. On 4/21/05, Jesper Wallin <jesper@hackunite.net> wrote: > Hello, >=20 > For some reason, I thought little about the "clear" command today.. > Let's say a privileged user (root) logs on, edit a sensitive file (e.g, > a file containing a password, running vipw, etc) .. then runs clear and > logout. Then anyone can press the scroll-lock command, scroll back up > and read the sensitive information.. Isn't "clear" ment to clear the > backbuffer instead of printing a full screen of returns? If it does, I'm > not sure how that would effect a user running "clear" on a pty (telnet, > sshd, screen, etc) .. >=20 > Best regards, > Jesper Wallin >=20 > _______________________________________________ > freebsd-security@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-security > To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.or= g" >
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?810a540e05042120493eb79da0>