Date: Fri, 22 Apr 2005 06:21:49 +0200 From: Jesper Wallin <jesper@hackunite.net> To: Pat Maddox <pergesu@gmail.com> Cc: freebsd-security@freebsd.org Subject: Re: Information disclosure? Message-ID: <42687BDD.6000008@hackunite.net> In-Reply-To: <810a540e05042120493eb79da0@mail.gmail.com> References: <42686A29.7090900@hackunite.net> <810a540e05042120493eb79da0@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Heh, that sounds more like a ugly hack than a solution if you ask me. Pat Maddox wrote: >No, it's not meant to clear the buffer. If you need to clear the >buffer, just cat a really, really long file. > > > >On 4/21/05, Jesper Wallin <jesper@hackunite.net> wrote: > > >>Hello, >> >>For some reason, I thought little about the "clear" command today.. >>Let's say a privileged user (root) logs on, edit a sensitive file (e.g, >>a file containing a password, running vipw, etc) .. then runs clear and >>logout. Then anyone can press the scroll-lock command, scroll back up >>and read the sensitive information.. Isn't "clear" ment to clear the >>backbuffer instead of printing a full screen of returns? If it does, I'm >>not sure how that would effect a user running "clear" on a pty (telnet, >>sshd, screen, etc) .. >> >>Best regards, >>Jesper Wallin >> >>_______________________________________________ >>freebsd-security@freebsd.org mailing list >>http://lists.freebsd.org/mailman/listinfo/freebsd-security >>To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org" >> >> >> >_______________________________________________ >freebsd-security@freebsd.org mailing list >http://lists.freebsd.org/mailman/listinfo/freebsd-security >To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org" > >
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?42687BDD.6000008>