Re: Information disclosure?
Jesper Wallin <jesper@hackunite.net> writes:
> For some reason, I thought little about the "clear" command
> today.. Let's say a privileged user (root) logs on, edit a sensitive
> file (e.g, a file containing a password, running vipw, etc) .. then
> runs clear and logout. Then anyone can press the scroll-lock command,
> scroll back up and read the sensitive information.. Isn't "clear" ment
> to clear the backbuffer instead of printing a full screen of returns?
That might have made sense, but it's never been the case. clear(1) is
meant and documented to execute the "clear_screen" termcap sequence.
If you want to clear the history buffer, just use vidcontrol(1). It
has options to clear or change the size of the history buffer, and it
is already specific to syscons(4), so it doesn't need to be as general
as termcap(5).
_______________________________________________
freebsd-security@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"
討論串 (同標題文章)
完整討論串 (本文為第 7 之 12 篇):