Re: Information disclosure?
No, it's not meant to clear the buffer. If you need to clear the
buffer, just cat a really, really long file.
On 4/21/05, Jesper Wallin <jesper@hackunite.net> wrote:
> Hello,
>=20
> For some reason, I thought little about the "clear" command today..
> Let's say a privileged user (root) logs on, edit a sensitive file (e.g,
> a file containing a password, running vipw, etc) .. then runs clear and
> logout. Then anyone can press the scroll-lock command, scroll back up
> and read the sensitive information.. Isn't "clear" ment to clear the
> backbuffer instead of printing a full screen of returns? If it does, I'm
> not sure how that would effect a user running "clear" on a pty (telnet,
> sshd, screen, etc) ..
>=20
> Best regards,
> Jesper Wallin
>=20
> _______________________________________________
> freebsd-security@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-security
> To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.or=
g"
>
_______________________________________________
freebsd-security@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"
討論串 (同標題文章)
完整討論串 (本文為第 2 之 12 篇):