Date: Fri, 22 Apr 2005 05:06:17 +0200 From: Jesper Wallin <jesper@hackunite.net> To: freebsd-security@freebsd.org Subject: Information disclosure? Message-ID: <42686A29.7090900@hackunite.net>
next in thread | raw e-mail | index | archive | help
Hello, For some reason, I thought little about the "clear" command today.. Let's say a privileged user (root) logs on, edit a sensitive file (e.g, a file containing a password, running vipw, etc) .. then runs clear and logout. Then anyone can press the scroll-lock command, scroll back up and read the sensitive information.. Isn't "clear" ment to clear the backbuffer instead of printing a full screen of returns? If it does, I'm not sure how that would effect a user running "clear" on a pty (telnet, sshd, screen, etc) .. Best regards, Jesper Wallin
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?42686A29.7090900>