From yar@bsd.chem.msu.ru  Thu May 24 07:16:07 2001
Return-Path: <yar@bsd.chem.msu.ru>
Received: from bsd.chem.msu.ru (bsd.chem.msu.ru [195.208.208.22])
	by hub.freebsd.org (Postfix) with ESMTP id 4364B37B422
	for <FreeBSD-gnats-submit@freebsd.org>; Thu, 24 May 2001 07:15:56 -0700 (PDT)
	(envelope-from yar@bsd.chem.msu.ru)
Received: (from yar@localhost)
	by bsd.chem.msu.ru (8.11.3/8.11.3) id f4OEFYC91388;
	Thu, 24 May 2001 18:15:34 +0400 (MSD)
	(envelope-from yar)
Message-Id: <200105241415.f4OEFYC91388@bsd.chem.msu.ru>
Date: Thu, 24 May 2001 18:15:34 +0400 (MSD)
From: yar@comp.chem.msu.su
Reply-To: yar@bsd.chem.msu.ru
To: FreeBSD-gnats-submit@freebsd.org
Cc:
Subject: Syscons history permits peeking in the previous session output
X-Send-Pr-Version: 3.113
X-GNATS-Notify:

>Number:         27616
>Category:       kern
>Synopsis:       Syscons history permits peeking in the previous session output
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    dd
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Thu May 24 07:20:01 PDT 2001
>Closed-Date:    Thu Jul 19 00:55:29 PDT 2001
>Last-Modified:  Thu Jul 19 00:55:40 PDT 2001
>Originator:     Yar Tikhiy
>Release:        FreeBSD 4.3-STABLE i386
>Organization:
Moscow State University
>Environment:

	All versions
	
>Description:

	Despites most programs avoid showing sensitive information
	like passwords, it's a bad idea in general to leave your
	session output on the screen after logging out.

	Therefore the syscons driver should clear the corresponding
	history buffer when a vty device is being closed, but it
	fails to.

	There is some code addressing the problem in the scclose()
	function, but it's ifndef'ed out, and its status is rather
	unclear.
	
>How-To-Repeat:
	
	Log off a FreeBSD vty, hit ScrollLock, scroll to the
	terminated session contents using Up or PageUp and see your
	decrypted love-letters, private talks etc.

>Fix:
>Release-Note:
>Audit-Trail:

From: David Malone <dwmalone@maths.tcd.ie>
To: yar@bsd.chem.msu.ru
Cc: FreeBSD-gnats-submit@freebsd.org
Subject: Re: kern/27616: Syscons history permits peeking in the previous session output
Date: Thu, 24 May 2001 15:33:59 +0100

 > >How-To-Repeat:
 > 	
 > 	Log off a FreeBSD vty, hit ScrollLock, scroll to the
 > 	terminated session contents using Up or PageUp and see your
 > 	decrypted love-letters, private talks etc.
 
 Couldn't you set the size of the scroll-back buffer to zero if this
 upsets you or your users? (kbdcontrol -h 1 will effectively do this).
 Alot of terminal emulators would have this problem.
 
 (Loosing the scroll back buffer on logout would be likely to upset
 some people 'cos it means that console log messages would be erased.)
 
 	David.

From: Yar Tikhiy <yar@freebsd.org>
To: David Malone <dwmalone@maths.tcd.ie>
Cc: FreeBSD-gnats-submit@freebsd.org
Subject: Re: kern/27616: Syscons history permits peeking in the previous session output
Date: Thu, 24 May 2001 18:54:50 +0400

 On Thu, May 24, 2001 at 03:33:59PM +0100, David Malone wrote:
 > > >How-To-Repeat:
 > > 	
 > > 	Log off a FreeBSD vty, hit ScrollLock, scroll to the
 > > 	terminated session contents using Up or PageUp and see your
 > > 	decrypted love-letters, private talks etc.
 > 
 > Couldn't you set the size of the scroll-back buffer to zero if this
 > upsets you or your users? (kbdcontrol -h 1 will effectively do this).
 
 First, one wouldn't like to lose the history buffer at all.
 Second, it's neither me nor my users who is upset by the issue.
 It's a general security problem, though.
 
 > Alot of terminal emulators would have this problem.
  
 A lot of operating systems are buggy crap. FreeBSD is not ;-)
 
 > (Loosing the scroll back buffer on logout would be likely to upset
 > some people 'cos it means that console log messages would be erased.)
 
 Let it be a per-vty configurable option.
 
 -- 
 Yar

From: Dima Dorfman <dima@unixfreak.org>
To: Yar Tikhiy <yar@freebsd.org>
Cc: freebsd-gnats-submit@FreeBSD.org
Subject: Re: kern/27616: Syscons history permits peeking in the previous session output 
Date: Thu, 24 May 2001 16:54:13 -0700

 Yar Tikhiy <yar@freebsd.org> writes:
 >  On Thu, May 24, 2001 at 03:33:59PM +0100, David Malone wrote:
 >  > > >How-To-Repeat:
 >  > > 	
 >  > > 	Log off a FreeBSD vty, hit ScrollLock, scroll to the
 >  > > 	terminated session contents using Up or PageUp and see your
 >  > > 	decrypted love-letters, private talks etc.
 >  > 
 >  > Couldn't you set the size of the scroll-back buffer to zero if this
 >  > upsets you or your users? (kbdcontrol -h 1 will effectively do this).
 >  
 >  First, one wouldn't like to lose the history buffer at all.
 >  Second, it's neither me nor my users who is upset by the issue.
 >  It's a general security problem, though.
 >  
 >  > Alot of terminal emulators would have this problem.
 >   
 >  A lot of operating systems are buggy crap. FreeBSD is not ;-)
 >  
 >  > (Loosing the scroll back buffer on logout would be likely to upset
 >  > some people 'cos it means that console log messages would be erased.)
 >  
 >  Let it be a per-vty configurable option.
 
 How about adding an option to kbdcontrol(1) to clear the buffer?  If
 the user knows they've been reading love letters, they can clear it
 manually.  Or if they're always reading love letters, they can stick
 `kbdcontrol -c' in .logout and forget about it.  This has the
 fortunate sideaffects of giving the user an option of *when* to clear
 it and *if* to clear it.
 
 Trivial patch attached.
 
 Thoughts?

From: Dima Dorfman <dima@unixfreak.org>
To: yar@freebsd.org
Cc: freebsd-gnats-submit@FreeBSD.org
Subject: Re: kern/27616: Syscons history permits peeking in the previous session output 
Date: Thu, 24 May 2001 17:02:12 -0700

 Dima Dorfman <dima@unixfreak.org> writes:
 > The following reply was made to PR kern/27616; it has been noted by GNATS.
 > 
 > From: Dima Dorfman <dima@unixfreak.org>
 > To: Yar Tikhiy <yar@freebsd.org>
 > Cc: freebsd-gnats-submit@FreeBSD.org
 > Subject: Re: kern/27616: Syscons history permits peeking in the previous sess
 > ion output 
 > Date: Thu, 24 May 2001 16:54:13 -0700
 > 
 >  Yar Tikhiy <yar@freebsd.org> writes:
 >  >  On Thu, May 24, 2001 at 03:33:59PM +0100, David Malone wrote:
 >  >  > > >How-To-Repeat:
 >  >  > > 	
 >  >  > > 	Log off a FreeBSD vty, hit ScrollLock, scroll to the
 >  >  > > 	terminated session contents using Up or PageUp and see your
 >  >  > > 	decrypted love-letters, private talks etc.
 >  >  > 
 >  >  > Couldn't you set the size of the scroll-back buffer to zero if this
 >  >  > upsets you or your users? (kbdcontrol -h 1 will effectively do this).
 >  >  
 >  >  First, one wouldn't like to lose the history buffer at all.
 >  >  Second, it's neither me nor my users who is upset by the issue.
 >  >  It's a general security problem, though.
 >  >  
 >  >  > Alot of terminal emulators would have this problem.
 >  >   
 >  >  A lot of operating systems are buggy crap. FreeBSD is not ;-)
 >  >  
 >  >  > (Loosing the scroll back buffer on logout would be likely to upset
 >  >  > some people 'cos it means that console log messages would be erased.)
 >  >  
 >  >  Let it be a per-vty configurable option.
 >  
 >  How about adding an option to kbdcontrol(1) to clear the buffer?  If
 >  the user knows they've been reading love letters, they can clear it
 >  manually.  Or if they're always reading love letters, they can stick
 >  `kbdcontrol -c' in .logout and forget about it.  This has the
 >  fortunate sideaffects of giving the user an option of *when* to clear
 >  it and *if* to clear it.
 >  
 >  Trivial patch attached.
 >  
 >  Thoughts?
 
 Okay, I goofed.  I hit 'sent' instead of 'sign' :-/.  Here's the patch
 as mentioned above.
 
 					Dima Dorfman
 					dima@unixfreak.org
 
 Index: sys/sys/consio.h
 ===================================================================
 RCS file: /stl/src/FreeBSD/src/sys/sys/consio.h,v
 retrieving revision 1.8
 diff -u -r1.8 consio.h
 --- sys/sys/consio.h	2001/05/18 09:01:53	1.8
 +++ sys/sys/consio.h	2001/05/24 23:50:42
 @@ -116,6 +116,9 @@
  /* set the history (scroll back) buffer size (in lines) */
  #define CONS_HISTORY	_IOW('c', 9, int)
  
 +/* clear the history (scroll back) buffer */
 +#define CONS_CLRHIST	_IO('c', 10)
 +
  /* mouse cursor ioctl */
  struct mouse_data {
  	int		x;
 Index: sys/dev/syscons/schistory.c
 ===================================================================
 RCS file: /stl/src/FreeBSD/src/sys/dev/syscons/schistory.c,v
 retrieving revision 1.11
 diff -u -r1.11 schistory.c
 --- sys/dev/syscons/schistory.c	2000/10/08 21:33:54	1.11
 +++ sys/dev/syscons/schistory.c	2001/05/24 23:50:42
 @@ -299,6 +299,12 @@
  		DPRINTF(5, ("error:%d, rows:%d, pool:%d\n", error,
  			    sc_vtb_rows(scp->history), extra_history_size));
  		return error;
 +
 +	case CONS_CLRHIST:
 +		scp = SC_STAT(tp->t_dev);
 +		sc_vtb_clear(scp->history, scp->sc->scr_map[0x20],
 +		    SC_NORM_ATTR << 8);
 +		return 0;
  	}
  
  	return ENOIOCTL;
 Index: usr.sbin/kbdcontrol/kbdcontrol.1
 ===================================================================
 RCS file: /stl/src/FreeBSD/src/usr.sbin/kbdcontrol/kbdcontrol.1,v
 retrieving revision 1.28
 diff -u -r1.28 kbdcontrol.1
 --- usr.sbin/kbdcontrol/kbdcontrol.1	2001/05/16 09:40:12	1.28
 +++ usr.sbin/kbdcontrol/kbdcontrol.1	2001/05/24 23:50:42
 @@ -13,7 +13,7 @@
  .\"     @(#)kbdcontrol.1
  .\" $FreeBSD: src/usr.sbin/kbdcontrol/kbdcontrol.1,v 1.28 2001/05/16 09:40:12 ru Exp $
  .\"
 -.Dd June 30, 1999
 +.Dd May 24, 2001
  .Dt KBDCONTROL 1
  .Os FreeBSD
  .Sh NAME
 @@ -21,7 +21,7 @@
  .Nd a utility for manipulating the syscons console driver
  .Sh SYNOPSIS
  .Nm
 -.Op Fl dFKix
 +.Op Fl cdFKix
  .Oo
  .Fl b
  .Ar duration . Ns Ar pitch | Ar belltype
 @@ -97,6 +97,8 @@
  .Ar keymap_file .
  You may load the keyboard map file from a menu-driven command, 
  .Xr kbdmap 1 .
 +.It Fl c
 +Clear the history buffer.
  .It Fl d
  Dump the current keyboard map onto stdout.
  The output may be redirected to a file and can be loaded
 Index: usr.sbin/kbdcontrol/kbdcontrol.c
 ===================================================================
 RCS file: /stl/src/FreeBSD/src/usr.sbin/kbdcontrol/kbdcontrol.c,v
 retrieving revision 1.36
 diff -u -r1.36 kbdcontrol.c
 --- usr.sbin/kbdcontrol/kbdcontrol.c	2001/05/15 22:53:05	1.36
 +++ usr.sbin/kbdcontrol/kbdcontrol.c	2001/05/24 23:50:42
 @@ -980,6 +980,14 @@
  		warn("setting history buffer size");
  }
  
 +void
 +clear_history()
 +{
 +
 +	if (ioctl(0, CONS_CLRHIST) == -1)
 +		warn("clear history buffer");
 +}
 +
  static char
  *get_kbd_type_name(int type)
  {
 @@ -1079,7 +1087,7 @@
  usage()
  {
  	fprintf(stderr, "%s\n%s\n%s\n",
 -"usage: kbdcontrol [-dFKix] [-b  duration.pitch | [quiet.]belltype]",
 +"usage: kbdcontrol [-cdFKix] [-b  duration.pitch | [quiet.]belltype]",
  "                  [-r delay.repeat | speed] [-l mapfile] [-f # string]",
  "                  [-h size] [-k device] [-L mapfile]");
  	exit(1);
 @@ -1091,10 +1099,13 @@
  {
  	int		opt;
  
 -	while((opt = getopt(argc, argv, "b:df:h:iKk:Fl:L:r:x")) != -1)
 +	while((opt = getopt(argc, argv, "b:cdf:h:iKk:Fl:L:r:x")) != -1)
  		switch(opt) {
  			case 'b':
  				set_bell_values(optarg);
 +				break;
 +			case 'c':
 +				clear_history();
  				break;
  			case 'd':
  				print_keymap();

From: Dima Dorfman <dima@unixfreak.org>
To: freebsd-gnats-submit@FreeBSD.ORG
Cc:  
Subject: Re: kern/27616: Syscons history permits peeking in the previous session output 
Date: Fri, 25 May 2001 17:35:35 -0700

 .@babolo.ru writes:
 > Dima Dorfman writes:
 > >  Yar Tikhiy <yar@freebsd.org> writes:
 > >  >  Let it be a per-vty configurable option.
 > >  
 > >  How about adding an option to kbdcontrol(1) to clear the buffer?  If
 > >  the user knows they've been reading love letters, they can clear it
 > >  manually.  Or if they're always reading love letters, they can stick
 > >  `kbdcontrol -c' in .logout and forget about it.  This has the
 > >  fortunate sideaffects of giving the user an option of *when* to clear
 > >  it and *if* to clear it.
 > >  
 > >  Trivial patch attached.
 > >  
 > >  Thoughts?
 > why kbdcontrol, not vidcontrol?
 
 Because the option to change the history size (-h) is in kbdcontrol,
 not vidcontrol.  Whether it should be in vidcontrol is a subject for
 another thread; personally, I don't care as long as it's consistent.
 Putting -c, the option to clear history, in the same program as -h,
 the option to change history size, is consistent.
 
 > 
 > -- 
 > @BABOLO      http://links.ru/
 > 
State-Changed-From-To: open->analyzed 
State-Changed-By: dd 
State-Changed-When: Sat Jun 9 17:54:50 PDT 2001 
State-Changed-Why:  
A CONS_CLRHIST ioctl, which allows one to selectively clear the history, 
had been added. 


Responsible-Changed-From-To: freebsd-bugs->dd 
Responsible-Changed-By: dd 
Responsible-Changed-When: Sat Jun 9 17:54:50 PDT 2001 
Responsible-Changed-Why:  
My MFC reminder. 

http://www.FreeBSD.org/cgi/query-pr.cgi?pr=27616 
State-Changed-From-To: analyzed->closed 
State-Changed-By: dd 
State-Changed-When: Thu Jul 19 00:55:29 PDT 2001 
State-Changed-Why:  


http://www.FreeBSD.org/cgi/query-pr.cgi?pr=27616 
>Unformatted:
