Information disclosure?
Neo-Vortex
root at Neo-Vortex.net
Thu Apr 21 23:19:25 PDT 2005
i had the same thing, although i wanted it for all logouts, my hack works
fairly well unless you use telnet or serial consoles, but works fine for
the normal console and ssh :)
edit /etc/gettytab and there should be a line that looks like this:
default:\
:cb:ce:ck:lc:fd#1000:im=<snip>\
:if=/etc/issue:
pretty much, change it to look like this
default:\
:cb:ce:ck:lc:fd#1000:im=\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n<snip>\f\r\n%s/%m (%h) (%t)\r\n\r\n:sp#1200:\
:if=/etc/issue:
(sorry if it looks ugly on some systems :P)
but yeah, just fill it up with \r\n - if you use telnet or a serial
console, when it shows the logon screen you have a long wait... but for
the console its fine :) clears when you logout (i think you have to send
signal 1 to init) or just reboot
also, clear just sends a \f - or was it \l, i forgot wich clears it, it
dosent send a screenful of new lines :)
~Neo-Vortex
On Fri, 22 Apr 2005, Jesper Wallin wrote:
> Hello,
>
> For some reason, I thought little about the "clear" command today..
> Let's say a privileged user (root) logs on, edit a sensitive file (e.g,
> a file containing a password, running vipw, etc) .. then runs clear and
> logout. Then anyone can press the scroll-lock command, scroll back up
> and read the sensitive information.. Isn't "clear" ment to clear the
> backbuffer instead of printing a full screen of returns? If it does, I'm
> not sure how that would effect a user running "clear" on a pty (telnet,
> sshd, screen, etc) ..
>
>
> Best regards,
> Jesper Wallin
>
>
> _______________________________________________
> freebsd-security at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-security
> To unsubscribe, send any mail to "freebsd-security-unsubscribe at freebsd.org"
>
More information about the freebsd-security
mailing list