lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date:   Thu, 1 Dec 2016 21:31:40 +0000
From:   Andrey Utkin <andrey_utkin@...tmail.com>
To:     Manuel Schölling <manuel.schoelling@....de>
Cc:     plagnioj@...osoft.com, tomi.valkeinen@...com, jslaby@...e.cz,
        gregkh@...uxfoundation.org, kilobyte@...band.pl,
        linux-fbdev@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH v7 0/3] console: Add persistent scrollback buffers for
 all VGA consoles

On Thu, Dec 01, 2016 at 10:03:23PM +0100, Manuel Schölling wrote:
> Hi Andrey,
> 
> On Di, 2016-11-29 at 10:01 +0000, Andrey Utkin wrote:
> > On Mon, Nov 28, 2016 at 10:28:19PM +0100, Manuel Schölling wrote:
> > Regarding logout scrollback clearing not working for me. ncurses-6.0-rc1
> > which I tested it with is the latest available in Gentoo portage, please
> > confirm whether I need any newer version, or should I tune something
> > else. I'd appreciate if you also tested your patch with gentoo setup.
> 
> I finally setup gentoo

Wow, what a big undertaking.

> running agetty (util-linux-2.26.2) and patching
> the file term-utils/agetty.c with
> 
> static void termio_clear(int fd)
> {
> 	/*
> 	 * Do not write a full reset (ESC c) because this destroys
> 	 * the unicode mode again if the terminal was in unicode
> 	 * mode.  Also it clears the CONSOLE_MAGIC features which
> 	 * are required for some languages/console-fonts.
> 	 * Just put the cursor to the home position (ESC [ H),
> 	 * erase everything below the cursor (ESC [ J), and set the
> 	 * scrolling region to the full window (ESC [ r)
> 	 */
> -	write_all(fd, "\033[r\033[H\033[J", 9);
> +	write_all(fd, "\033[3J\033[r\033[H\033[J", 13);
> }
> 
> solves the issue with the scrollback buffer after log out.
> Let me know if you agree that this is the right way to go and I will
> send a patch to the maintainer of util-linux.

I believe you that this works and you must know better than me whether
this solution is correct. Besides that, I'd suggest updating that large
block comment before the updated write_all() call to describe the new
action you're doing. Please CC me in your discussion with util-linux
maintainers.

Also I'd suggest coming back in a while, to set this feature enabled by
default. I wonder how many years to wait gracefully until "stable"
distros update util-linux to ensure secure scrollback wiping. 3? 5?

> Thanks again for spending all this time to test the patch!

Thank you very much for your time and effort in bringing this useful
feature!

I give all sorts of my approval on this patchset:
Reviewed-by: Andrey Utkin <andrey_utkin@...tmail.com>
Tested-by: Andrey Utkin <andrey_utkin@...tmail.com>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ