Date: Fri, 22 Apr 2005 00:14:21 -0500 (CDT) From: Mike Silbersack <silby@silby.com> To: Jesper Wallin <jesper@hackunite.net> Cc: freebsd-security@freebsd.org Subject: Re: Information disclosure? Message-ID: <20050422001054.V9404@odysseus.silby.com> In-Reply-To: <42686A29.7090900@hackunite.net> References: <42686A29.7090900@hackunite.net>
next in thread | previous in thread | raw e-mail | index | archive | help
On Fri, 22 Apr 2005, Jesper Wallin wrote: > Hello, > > For some reason, I thought little about the "clear" command today.. Let's say > a privileged user (root) logs on, edit a sensitive file (e.g, a file > containing a password, running vipw, etc) .. then runs clear and logout. Then > anyone can press the scroll-lock command, scroll back up and read the > sensitive information.. Isn't "clear" ment to clear the backbuffer instead of > printing a full screen of returns? If it does, I'm not sure how that would > effect a user running "clear" on a pty (telnet, sshd, screen, etc) .. > > > Best regards, > Jesper Wallin I've often wondered the same thing when connected in via a ssh session. If there was a way to implement this functionality without uglifying the code too much, I don't see why anyone would object to it. But I don't think you're going to get someone else to code it for you. :) Mike "Silby" Silbersack
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20050422001054.V9404>