Re: Information disclosure?

From: Pat Maddox (pergesu_at_gmail.com)
Date: 04/22/05

  • Next message: Jesper Wallin: "Re: Information disclosure?"
    Date: Thu, 21 Apr 2005 21:49:58 -0600
    To: freebsd-security@freebsd.org
    
    

    No, it's not meant to clear the buffer. If you need to clear the
    buffer, just cat a really, really long file.

    On 4/21/05, Jesper Wallin <jesper@hackunite.net> wrote:
    > Hello,
    >
    > For some reason, I thought little about the "clear" command today..
    > Let's say a privileged user (root) logs on, edit a sensitive file (e.g,
    > a file containing a password, running vipw, etc) .. then runs clear and
    > logout. Then anyone can press the scroll-lock command, scroll back up
    > and read the sensitive information.. Isn't "clear" ment to clear the
    > backbuffer instead of printing a full screen of returns? If it does, I'm
    > not sure how that would effect a user running "clear" on a pty (telnet,
    > sshd, screen, etc) ..
    >
    > Best regards,
    > Jesper Wallin
    >
    > _______________________________________________
    > freebsd-security@freebsd.org mailing list
    > http://lists.freebsd.org/mailman/listinfo/freebsd-security
    > To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"
    >
    _______________________________________________
    freebsd-security@freebsd.org mailing list
    http://lists.freebsd.org/mailman/listinfo/freebsd-security
    To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"


  • Next message: Jesper Wallin: "Re: Information disclosure?"

    Relevant Pages

    • Re: Information disclosure?
      ... Pat Maddox wrote: ... | buffer, just cat a really, really long file. ... To unsubscribe, ...
      (FreeBSD-Security)
    • Re: filename and pipes and *
      ... > passing the output to the sed command. ... It is not a matter of memory but of the buffer used to temporarily hold ... Would you want cat to behave by always reading in the entire file before ...
      (comp.unix.shell)
    • Re: Pipes, cat buffer size
      ... suppose this is because cat writes in 64 kB blocks. ... buffer enough data for it. ... decouples how the reader and the writer interact. ... I believe patching cat to bring its block size into the century of the ...
      (freebsd-hackers)
    • Re: strace on cat /proc/my_file gives results by calling read twice why?
      ... > return that many) and a second time, when it tries to read more ... > reasons, reaching EOF only being one of them. ... > 'cat' or into a function it uses to read from the file. ... > use some buffer for reading, so 4096 is probably a choice someone ...
      (comp.os.linux.development.system)
    • Re: Line-by-line processing when stdin is not a tty
      ... need an option on the upstream program to tell it to line ... buffer explicitly ... I have to wonder why cat knows or cares. ... The issue relates to the standard C library. ...
      (comp.lang.python)