Information disclosure?

From: Jesper Wallin (jesper_at_hackunite.net)
Date: 04/22/05

  • Next message: Pat Maddox: "Re: Information disclosure?"
    Date: Fri, 22 Apr 2005 05:06:17 +0200
    To: freebsd-security@freebsd.org
    
    

    Hello,

    For some reason, I thought little about the "clear" command today..
    Let's say a privileged user (root) logs on, edit a sensitive file (e.g,
    a file containing a password, running vipw, etc) .. then runs clear and
    logout. Then anyone can press the scroll-lock command, scroll back up
    and read the sensitive information.. Isn't "clear" ment to clear the
    backbuffer instead of printing a full screen of returns? If it does, I'm
    not sure how that would effect a user running "clear" on a pty (telnet,
    sshd, screen, etc) ..

    Best regards,
    Jesper Wallin

    _______________________________________________
    freebsd-security@freebsd.org mailing list
    http://lists.freebsd.org/mailman/listinfo/freebsd-security
    To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"


  • Next message: Pat Maddox: "Re: Information disclosure?"

    Relevant Pages

    • Re: Processing Ideas Needed:
      ... a selection can be added to a page to submit this command ... I don't want to give the user CMKRNL to be able to select the option ... You could also let one process (of the privileged user) create a mailbox and wait for a message that the other user is allowed to write into the mailbox. ...
      (comp.os.vms)
    • Re: Processing Ideas Needed:
      ... a selection can be added to a page to submit this command ... once the user selects the option it will notify the privileged user to ... request from the file and processes it ... ... if this were dibol cgi routines, ...
      (comp.os.vms)
    • Re: Processing Ideas Needed:
      ... a selection can be added to a page to submit this command ... I don't want to give the user CMKRNL to be able to select the option ... once the user selects the option it will notify the privileged user to run the command file ... and INSTALL it with CMKRNL privilege and any other privs needed to acces the DCL command file. ...
      (comp.os.vms)
    • Re: MacBook Pro: accidentally logged out from Dock?
      ... are Bluetooth, Camino, Dock, Eudora, Font Book, and MT-NewsWatcher. ... the Logs menu item of the Console utility. ... launch the Terminal program and issue this command - ... copy command cp as a privileged user. ...
      (comp.sys.mac.system)