Information disclosure?

[Dean Strik]

Jesper Wallin wrote:
> For some reason, I thought little about the "clear" command today.. 
> Let's say a privileged user (root) logs on, edit a sensitive file (e.g, 
> a file containing a password, running vipw, etc) .. then runs clear and 
> logout. Then anyone can press the scroll-lock command, scroll back up 
> and read the sensitive information.. Isn't "clear" ment to clear the 
> backbuffer instead of printing a full screen of returns? If it does, I'm 
> not sure how that would effect a user running "clear" on a pty (telnet, 
> sshd, screen, etc) ..

vidcontrol -C ; clear

-- 
Dean C. Strik             Eindhoven University of Technology
dean at stack.nl  |  dean at ipnet6.org  |  http://www.ipnet6.org/
"This isn't right. This isn't even wrong." -- Wolfgang Pauli