Bug 807369

Summary: RFE: Clear screen including scroll-back buffer after locking session
Product: Red Hat Enterprise Linux 6 Reporter: Petr Pisar <ppisar>
Component: vlockAssignee: Karel Zak <kzak>
Status: CLOSED WONTFIX QA Contact: BaseOS QE - Apps <qe-baseos-apps>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 6.2Keywords: FutureFeature
Target Milestone: rc   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Enhancement
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2016-04-06 10:05:17 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Bug Depends On: 714684    
Bug Blocks: 836165    
Attachments:
Description Flags
Implement console erase none

Description Petr Pisar 2012-03-27 15:40:33 UTC 
Created attachment 573106 [details]
Implement console erase

There was a discussion (bug #681600) how to disable access to text printed before locking session while session is locked to prevent from leaking sensitive data.

Attached patch implements optional console erase by adding -e or --erase option to vlock command.

In addition, the scroll-back buffer is erased if underlying kernel supports it. The support exist in Linux since 3.0 and has been back-ported into RHEL-6 kernel too.

Making this feature default can be subject of further discussion.
Comment 2 RHEL Program Management 2012-07-10 08:27:46 UTC 
This request was not resolved in time for the current release.
Red Hat invites you to ask your support representative to
propose this request, if still desired, for consideration in
the next release of Red Hat Enterprise Linux.
Comment 3 Ludek Smid 2012-07-11 11:39:38 UTC 
This request was erroneously removed from consideration in
Red Hat Enterprise Linux 6.4, which is currently under
development.  This request will be evaluated for inclusion
in Red Hat Enterprise Linux 6.4.
Comment 4 Petr Pisar 2012-07-30 11:19:10 UTC 
I spotted a typo:

--- a/help.c
+++ b/help.c
@@ -26,6 +26,8 @@ void print_help(int exitcode) {
 	  "       switch to other virtual consoles.\n"
 	  "-a or --all: lock all virtual consoles by preventing other users\n"
 	  "       from switching virtual consoles.\n"
+	  "-e or --erase: erase current virtual console content\n"
+	  "       from switching virtual consoles.\n"
 	  "-v or --version: Print the version number of vlock and exit.\n"
 	  "-h or --help: Print this help message and exit.\n"
 	  );

The second line should not be added. Something like this:

--- a/help.c
+++ b/help.c
@@ -26,6 +26,7 @@ void print_help(int exitcode) {
 	  "       switch to other virtual consoles.\n"
 	  "-a or --all: lock all virtual consoles by preventing other users\n"
 	  "       from switching virtual consoles.\n"
+	  "-e or --erase: erase current virtual console content\n"
 	  "-v or --version: Print the version number of vlock and exit.\n"
 	  "-h or --help: Print this help message and exit.\n"
 	  );
Comment 5 Karel Zak 2012-11-14 11:12:43 UTC 
Applied to f18 (=RHEL7) and f19. 

I have doubts we will see a special RHEL6.x errata for vlock. Maybe we can close this report.
Comment 6 RHEL Program Management 2013-10-14 00:45:00 UTC 
This request was evaluated by Red Hat Product Management for
inclusion in the current release of Red Hat Enterprise Linux.
Because the affected component is not scheduled to be updated
in the current release, Red Hat is unable to address this
request at this time.

Red Hat invites you to ask your support representative to
propose this request, if appropriate, in the next release of
Red Hat Enterprise Linux.