Bug 701704
Summary: | doesn't clear the screen on logout | ||
---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Bill Nottingham <notting> |
Component: | systemd | Assignee: | Lennart Poettering <lpoetter> |
Status: | CLOSED RAWHIDE | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
Severity: | unspecified | Docs Contact: | |
Priority: | unspecified | ||
Version: | 15 | CC: | jlaska, johannbg, kzak, lpoetter, metherid, mschmidt, notting, plautrba, rhel, rvokal, tflink |
Target Milestone: | --- | ||
Target Release: | --- | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | RejectedNTH | ||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2011-07-14 12:57:48 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Bill Nottingham
2011-05-03 15:53:03 UTC
At the suggestion from notting, I tested option#2 and option#3, both obviously worked. This feels like it has security implications since a user can view another users session output. I'm not aware of any 15 Final release criteria this would impact, but it seems like something we'd really want to resolve. Perhaps NTH might be a better fit. Either way, I think this should land in F15. (In reply to comment #1) > At the suggestion from notting, I tested option#2 and option#3, both obviously > worked. > > This feels like it has security implications since a user can view another > users session output. I'm not aware of any 15 Final release criteria this > would impact, but it seems like something we'd really want to resolve. Perhaps > NTH might be a better fit. Either way, I think this should land in F15. After some discussion w/ notting, I'm moving this to a proposed nice-to-have (NTH) fix for F15. We've confirmed that neither mingetty nor agetty inhibit the virtual console's native scrollback ability. So, prior to Fedora 15, assuming the clearback buffer wasn't purged, a user could <Shift>PgUp and scroll to view a previous logged in user's session info. This doesn't appear to be a change in behavior. However, having the session data still present on the screen seems like something people will notice, and seems worth discussing if a simple fix is available. The util-linux upstream goal is to merge mingetty features into agetty. My guess is that the new features will be available in Fedora-16. http://thread.gmane.org/gmane.linux.utilities.util-linux-ng/3929/focus=4015 Should we move this to util-linux, then, and document it (and potential workaround #2) in the release notes? (In reply to comment #4) > Should we move this to util-linux, then, and document it (and potential > workaround #2) in the release notes? Definitely seems worthy of some documentation for F15. Since the mingetty -> agetty change is intentional, I agree that release notes is a good fit. Discussed in the 2011-05-06 blocker review meeting. Rejected as NTH because it appears as if all parties agree that a fix in the F15 isn't practical but the change needs to be documented. If a tested fix becomes available, it can be re-proposed as NTH. So, I think this is actually fixable properly. We probably could teach systemd to deallocate a VT before invoking getty on it. The deallocation step should release the scrollback buffer completely (at least I hope, haven't tried it, but I'd bet on it). We wanted to add support for vhangup() on the ttys anyway, in order to ensure that the processes we start are guaranteed to be the only ones accessing it. Adding an option to flush the VT scrollback buffer should be relatively easy and could be exposed via the same (or similar) configuration options. So I am all for fixing this in systemd, rather then agetty, since whatever process we start we probably want to offer the same vhangup/screen clear options. This is not fixed properly in systemd git. With a suitably new kernel we will now issue an escape sequence that clears the scrollback buffer when getty is run. s/not/now/, obviously. http://cgit.freedesktop.org/systemd/commit/?id=b83bc4e9cce2ba46371e75fe0f83af32060f0ae3 This is now in Rawhide. |