
Re: system/3128: Session scrollback security exposure



The following reply was made to PR system/3128; it has been noted by GNATS.

From: David Krause <openbsd_(_at_)_davidkrause_(_dot_)_com>
To: root_(_at_)_shopip_(_dot_)_com
Cc: gnats_(_at_)_openbsd_(_dot_)_org
Subject: Re: system/3128: Session scrollback security exposure
Date: Sun, 2 Mar 2003 17:42:51 -0600

 > >Description:
 > 	When logging out the console screen is cleared, however the scrollback
 > 	buffer is not. Someone not even logged in can view 7 (?) pages of
 > 	output from the previous session. A security exposure.
 > >How-To-Repeat:
 > 	Log in, log out, then use shift-scrollup/down to view the scrollback
 > 	buffer output.
 > >Fix:
 > 	Workaround: Right after logout, use ctrl-alt Fn to switch console, then 
 > 	switch back. This erases scrollback buffer (unfortunately, but
 > 	it's useful here).
 > 	Fix: Clear the scrollback buffer at console logout time.
 
 The FAQ explains how to clear the console automatically after logout:
 http://www.openbsd.org/faq/faq7.html#ConsoleClear
 
 David


