Re: Information disclosure?
From: Mike Silbersack (silby_at_silby.com)
Date: 04/22/05
- Previous message: Jesper Wallin: "Re: Information disclosure?"
- In reply to: Jesper Wallin: "Information disclosure?"
- Next in thread: freebsd-security_at_dfmm.org: "Re: Information disclosure?"
- Reply: freebsd-security_at_dfmm.org: "Re: Information disclosure?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Fri, 22 Apr 2005 00:14:21 -0500 (CDT) To: Jesper Wallin <jesper@hackunite.net>
On Fri, 22 Apr 2005, Jesper Wallin wrote:
> Hello,
>
> For some reason, I thought little about the "clear" command today.. Let's say
> a privileged user (root) logs on, edit a sensitive file (e.g, a file
> containing a password, running vipw, etc) .. then runs clear and logout. Then
> anyone can press the scroll-lock command, scroll back up and read the
> sensitive information.. Isn't "clear" ment to clear the backbuffer instead of
> printing a full screen of returns? If it does, I'm not sure how that would
> effect a user running "clear" on a pty (telnet, sshd, screen, etc) ..
>
>
> Best regards,
> Jesper Wallin
I've often wondered the same thing when connected in via a ssh session.
If there was a way to implement this functionality without uglifying the
code too much, I don't see why anyone would object to it.
But I don't think you're going to get someone else to code it for you. :)
Mike "Silby" Silbersack
_______________________________________________
freebsd-security@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"
- Previous message: Jesper Wallin: "Re: Information disclosure?"
- In reply to: Jesper Wallin: "Information disclosure?"
- Next in thread: freebsd-security_at_dfmm.org: "Re: Information disclosure?"
- Reply: freebsd-security_at_dfmm.org: "Re: Information disclosure?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
