Pantek Library

system/3128: Session scrollback security exposure

From: <root(at)shopip.com>
Date: Sun Mar 02 2003 - 06:25:36 EST


>Number: 3128
>Category: system
>Synopsis: Console logout does not clear scrollback buffer.
>Confidential: no
shopip.com
>Environment:

	System      : OpenBSD 3.2
	Architecture: OpenBSD.i386
	Machine     : i386

>Description:
When logging out, the console screen is cleared; however, the scrollback buffer is not. Someone not even logged in can view 7 (?) pages of output from the previous session. A security exposure.
>How-To-Repeat:
Log in, log out, then use shift-scrollup/down to view the scrollback buffer output.
>Fix:
Workaround: Right after logout, use ctrl-alt Fn to switch console, then switch back. This erases the scrollback buffer (unfortunately, but it's useful here).
Fix: Clear the scrollback buffer at console logout time.

>Release-Note:
Received on Sun Mar 2 14:18:30 2003

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 13:29:51 EDT

