Information disclosure?
Dean Strik
dean at stack.nl
Fri Apr 22 03:20:39 PDT 2005
Jesper Wallin wrote:
> For some reason, I thought little about the "clear" command today..
> Let's say a privileged user (root) logs on, edit a sensitive file (e.g,
> a file containing a password, running vipw, etc) .. then runs clear and
> logout. Then anyone can press the scroll-lock command, scroll back up
> and read the sensitive information.. Isn't "clear" ment to clear the
> backbuffer instead of printing a full screen of returns? If it does, I'm
> not sure how that would effect a user running "clear" on a pty (telnet,
> sshd, screen, etc) ..
vidcontrol -C ; clear
--
Dean C. Strik Eindhoven University of Technology
dean at stack.nl | dean at ipnet6.org | http://www.ipnet6.org/
"This isn't right. This isn't even wrong." -- Wolfgang Pauli
More information about the freebsd-security
mailing list