Re: Information disclosure?

• Previous message: Marc Bevand: "Re: Information disclosure?"
• In reply to: Jesper Wallin: "Information disclosure?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Fri, 22 Apr 2005 12:20:24 +0200
To: Jesper Wallin <jesper@hackunite.net>

Jesper Wallin wrote:
> For some reason, I thought little about the "clear" command today..
> Let's say a privileged user (root) logs on, edit a sensitive file (e.g,
> a file containing a password, running vipw, etc) .. then runs clear and
> logout. Then anyone can press the scroll-lock command, scroll back up
> and read the sensitive information.. Isn't "clear" ment to clear the
> backbuffer instead of printing a full screen of returns? If it does, I'm
> not sure how that would effect a user running "clear" on a pty (telnet,
> sshd, screen, etc) ..

vidcontrol -C ; clear

-- 
Dean C. Strik             Eindhoven University of Technology
dean@stack.nl  |  dean@ipnet6.org  |  http://www.ipnet6.org/
"This isn't right. This isn't even wrong." -- Wolfgang Pauli
_______________________________________________
freebsd-security@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"

• Previous message: Marc Bevand: "Re: Information disclosure?"
• In reply to: Jesper Wallin: "Information disclosure?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages Re: Information disclosure? ... On Fri, 22 Apr 2005, Jesper Wallin wrote: ... > containing a password, running vipw, etc) .. ... then runs clear and logout. ... > anyone can press the scroll-lock command, scroll back up and read the ... (FreeBSD-Security) Re: Information disclosure? ... > a file containing a password, running vipw, etc) .. ... > logout. ... Then anyone can press the scroll-lock command, ... thing to do is to just disable the kernel-level text console scrollback ... (FreeBSD-Security)