Date: 22 Apr 2005 08:37:20 -0400 From: Lowell Gilbert <freebsd-security-local@be-well.ilk.org> To: jesper@hackunite.net Cc: freebsd-security@freebsd.org Subject: Re: Information disclosure? Message-ID: <441x93vvgf.fsf@be-well.ilk.org> In-Reply-To: <42686A29.7090900@hackunite.net> References: <42686A29.7090900@hackunite.net>
next in thread | previous in thread | raw e-mail | index | archive | help
Jesper Wallin <jesper@hackunite.net> writes: > For some reason, I thought little about the "clear" command > today.. Let's say a privileged user (root) logs on, edit a sensitive > file (e.g, a file containing a password, running vipw, etc) .. then > runs clear and logout. Then anyone can press the scroll-lock command, > scroll back up and read the sensitive information.. Isn't "clear" ment > to clear the backbuffer instead of printing a full screen of returns? That might have made sense, but it's never been the case. clear(1) is meant and documented to execute the "clear_screen" termcap sequence. If you want to clear the history buffer, just use vidcontrol(1). It has options to clear or change the size of the history buffer, and it is already specific to syscons(4), so it doesn't need to be as general as termcap(5).
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?441x93vvgf.fsf>