Re: Information disclosure?
From: Lowell Gilbert (freebsd-security-local_at_be-well.ilk.org)
Date: 04/22/05
- Previous message: Neo-Vortex: "Re: Information disclosure?"
- In reply to: Jesper Wallin: "Information disclosure?"
- Next in thread: Dean Strik: "Re: Information disclosure?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: jesper@hackunite.net Date: 22 Apr 2005 08:37:20 -0400
Jesper Wallin <jesper@hackunite.net> writes:
> For some reason, I thought little about the "clear" command
> today.. Let's say a privileged user (root) logs on, edit a sensitive
> file (e.g, a file containing a password, running vipw, etc) .. then
> runs clear and logout. Then anyone can press the scroll-lock command,
> scroll back up and read the sensitive information.. Isn't "clear" ment
> to clear the backbuffer instead of printing a full screen of returns?
That might have made sense, but it's never been the case. clear(1) is
meant and documented to execute the "clear_screen" termcap sequence.
If you want to clear the history buffer, just use vidcontrol(1). It
has options to clear or change the size of the history buffer, and it
is already specific to syscons(4), so it doesn't need to be as general
as termcap(5).
_______________________________________________
freebsd-security@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"
- Previous message: Neo-Vortex: "Re: Information disclosure?"
- In reply to: Jesper Wallin: "Information disclosure?"
- Next in thread: Dean Strik: "Re: Information disclosure?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
