Re: Information disclosure?

From: Jesper Wallin (jesper_at_hackunite.net)
Date: 04/22/05

  • Next message: Mike Silbersack: "Re: Information disclosure?"
    Date: Fri, 22 Apr 2005 06:21:49 +0200
    To: Pat Maddox <pergesu@gmail.com>
    
    

    Heh, that sounds more like a ugly hack than a solution if you ask me.

    Pat Maddox wrote:

    >No, it's not meant to clear the buffer. If you need to clear the
    >buffer, just cat a really, really long file.
    >
    >
    >
    >On 4/21/05, Jesper Wallin <jesper@hackunite.net> wrote:
    >
    >
    >>Hello,
    >>
    >>For some reason, I thought little about the "clear" command today..
    >>Let's say a privileged user (root) logs on, edit a sensitive file (e.g,
    >>a file containing a password, running vipw, etc) .. then runs clear and
    >>logout. Then anyone can press the scroll-lock command, scroll back up
    >>and read the sensitive information.. Isn't "clear" ment to clear the
    >>backbuffer instead of printing a full screen of returns? If it does, I'm
    >>not sure how that would effect a user running "clear" on a pty (telnet,
    >>sshd, screen, etc) ..
    >>
    >>Best regards,
    >>Jesper Wallin
    >>
    >>_______________________________________________
    >>freebsd-security@freebsd.org mailing list
    >>http://lists.freebsd.org/mailman/listinfo/freebsd-security
    >>To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"
    >>
    >>
    >>
    >_______________________________________________
    >freebsd-security@freebsd.org mailing list
    >http://lists.freebsd.org/mailman/listinfo/freebsd-security
    >To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"
    >
    >

    _______________________________________________
    freebsd-security@freebsd.org mailing list
    http://lists.freebsd.org/mailman/listinfo/freebsd-security
    To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"


  • Next message: Mike Silbersack: "Re: Information disclosure?"