lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20170120133156.GA11329@kroah.com>
Date:   Fri, 20 Jan 2017 14:31:56 +0100
From:   Greg KH <gregkh@...uxfoundation.org>
To:     Adam Borowski <kilobyte@...band.pl>
Cc:     Manuel Schölling <manuel.schoelling@....de>,
        jslaby@...e.com, lkml14@...tdoyle.com, rdunlap@...radead.org,
        shorne@...il.com, andrey_utkin@...tmail.com,
        akpm@...ux-foundation.org, paul.burton@...tec.com,
        daniel.vetter@...ll.ch, tj@...nel.org, hdegoede@...hat.com,
        linux-kernel@...r.kernel.org, linux-fbdev@...r.kernel.org
Subject: Re: [PATCH v10 3/4] console: Add persistent scrollback buffers for
 all VGA consoles

On Fri, Jan 20, 2017 at 02:16:11PM +0100, Adam Borowski wrote:
> On Fri, Jan 20, 2017 at 12:04:12AM +0100, Adam Borowski wrote:
> > On Thu, Jan 19, 2017 at 05:33:14PM +0100, Greg KH wrote:
> > > On Thu, Jan 19, 2017 at 05:12:15PM +0100, Manuel Schölling wrote:
> > > > On Thu, 2017-01-19 at 14:23 +0100, Greg KH wrote:
> > > > > On Fri, Jan 13, 2017 at 09:07:57PM +0100, Manuel Schölling wrote:
> > > > > > +	  This feature might break your tool of choice to flush
> > > > > > the scrollback
> > > > > > +	  buffer, e.g. clear(1) will work fine but Debian's
> > > > > > clear_console(1)
> > > > > > +	  will be broken, which might cause security issues.
> > > > > > +	  You can use the escape sequence \e[3J instead if this
> > > > > > feature is
> > > > > > +	  activated.
> > > 
> > > I'd recommend that patch get to clear_console() first, having it use the
> > > new escape sequence, if it isn't supported, shouldn't cause any
> > > problems, right?
> > 
> > doko: would you consider, pretty please with a cherry on top, applying the
> > patch I've sent to this bug?  The privacy/security issue is pretty minor and
> > applies only to a tiny fraction of users, but I understand why Greg is
> > reluctant.
> 
> # Subject: Bug#845177 closed by Matthias Klose <doko@...ian.org>
> #
> # This is an automatic notification regarding your Bug report
> # which was filed against the bash package:
> #
> # #845177: clear_console: assumes VT switch clears scrollback
> #
> # It has been closed by Matthias Klose <doko@...ian.org>.
> [...]
> # Changes:
> #    * clear_console: Securely erase the current console. Closes: #845177.

This means it was accepted?  Or rejected?

confused,

greg k-h

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ