Information disclosure?
From: Jesper Wallin (jesper_at_hackunite.net)
Date: 04/22/05
- Previous message: Mike Tancsa: "Fwd: (KAME-snap 9012) racoon in the kame project"
- Next in thread: Pat Maddox: "Re: Information disclosure?"
- Reply: Pat Maddox: "Re: Information disclosure?"
- Reply: Mike Silbersack: "Re: Information disclosure?"
- Reply: Neo-Vortex: "Re: Information disclosure?"
- Reply: Lowell Gilbert: "Re: Information disclosure?"
- Reply: Dean Strik: "Re: Information disclosure?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Fri, 22 Apr 2005 05:06:17 +0200 To: freebsd-security@freebsd.org
Hello,
For some reason, I thought little about the "clear" command today..
Let's say a privileged user (root) logs on, edit a sensitive file (e.g,
a file containing a password, running vipw, etc) .. then runs clear and
logout. Then anyone can press the scroll-lock command, scroll back up
and read the sensitive information.. Isn't "clear" ment to clear the
backbuffer instead of printing a full screen of returns? If it does, I'm
not sure how that would effect a user running "clear" on a pty (telnet,
sshd, screen, etc) ..
Best regards,
Jesper Wallin
_______________________________________________
freebsd-security@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"
- Previous message: Mike Tancsa: "Fwd: (KAME-snap 9012) racoon in the kame project"
- Next in thread: Pat Maddox: "Re: Information disclosure?"
- Reply: Pat Maddox: "Re: Information disclosure?"
- Reply: Mike Silbersack: "Re: Information disclosure?"
- Reply: Neo-Vortex: "Re: Information disclosure?"
- Reply: Lowell Gilbert: "Re: Information disclosure?"
- Reply: Dean Strik: "Re: Information disclosure?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
