Information disclosure?
Jesper Wallin
jesper at hackunite.net
Thu Apr 21 21:21:57 PDT 2005
Heh, that sounds more like a ugly hack than a solution if you ask me.
Pat Maddox wrote:
>No, it's not meant to clear the buffer. If you need to clear the
>buffer, just cat a really, really long file.
>
>
>
>On 4/21/05, Jesper Wallin <jesper at hackunite.net> wrote:
>
>
>>Hello,
>>
>>For some reason, I thought little about the "clear" command today..
>>Let's say a privileged user (root) logs on, edit a sensitive file (e.g,
>>a file containing a password, running vipw, etc) .. then runs clear and
>>logout. Then anyone can press the scroll-lock command, scroll back up
>>and read the sensitive information.. Isn't "clear" ment to clear the
>>backbuffer instead of printing a full screen of returns? If it does, I'm
>>not sure how that would effect a user running "clear" on a pty (telnet,
>>sshd, screen, etc) ..
>>
>>Best regards,
>>Jesper Wallin
>>
>>_______________________________________________
>>freebsd-security at freebsd.org mailing list
>>http://lists.freebsd.org/mailman/listinfo/freebsd-security
>>To unsubscribe, send any mail to "freebsd-security-unsubscribe at freebsd.org"
>>
>>
>>
>_______________________________________________
>freebsd-security at freebsd.org mailing list
>http://lists.freebsd.org/mailman/listinfo/freebsd-security
>To unsubscribe, send any mail to "freebsd-security-unsubscribe at freebsd.org"
>
>
More information about the freebsd-security
mailing list