Red Hat Bugzilla – Bug 701704
doesn't clear the screen on logout
Last modified: 2014-03-16 23:27:37 EDT
Description of problem:
Historically (since the dawn of time, or shortly thereafter) we've cleared the screen before login. This was (more or less) due to the use of mingetty, which did this by default.
With systemd, we've switched to using agetty, which does not do this by default. This is a behavior change, and should at a minimum be documented.
However, it may be simplest to just restore the previous behavior. Options include:
1) patch agetty to clear the screen by default, and support an option to not clear the screen
Pros: clean interface
Cons: requires patching and adding a agetty option
2) patch getty@.service to call agetty like so:
ExecStart=-/sbin/agetty %I -I '\033[2J\033[f' 38400
Pros: works now
Cons: that's gross
3) patch /etc/skel to drop a .bash_logout with 'clear' in it everywhere
Cons: doesn't catch existing users, or users of other shells
4) ... ?
Version-Release number of selected component (if applicable):
Steps to Reproduce:
New getty appears below
New getty appears on cleared screen
At the suggestion from notting, I tested option#2 and option#3, both obviously worked.
This feels like it has security implications since a user can view another users session output. I'm not aware of any 15 Final release criteria this would impact, but it seems like something we'd really want to resolve. Perhaps NTH might be a better fit. Either way, I think this should land in F15.
(In reply to comment #1)
> At the suggestion from notting, I tested option#2 and option#3, both obviously
> This feels like it has security implications since a user can view another
> users session output. I'm not aware of any 15 Final release criteria this
> would impact, but it seems like something we'd really want to resolve. Perhaps
> NTH might be a better fit. Either way, I think this should land in F15.
After some discussion w/ notting, I'm moving this to a proposed nice-to-have (NTH) fix for F15. We've confirmed that neither mingetty nor agetty inhibit the virtual console's native scrollback ability. So, prior to Fedora 15, assuming the clearback buffer wasn't purged, a user could <Shift>PgUp and scroll to view a previous logged in user's session info. This doesn't appear to be a change in behavior.
However, having the session data still present on the screen seems like something people will notice, and seems worth discussing if a simple fix is available.
The util-linux upstream goal is to merge mingetty features into agetty. My guess is that the new features will be available in Fedora-16.
Should we move this to util-linux, then, and document it (and potential workaround #2) in the release notes?
(In reply to comment #4)
> Should we move this to util-linux, then, and document it (and potential
> workaround #2) in the release notes?
Definitely seems worthy of some documentation for F15. Since the mingetty -> agetty change is intentional, I agree that release notes is a good fit.
Discussed in the 2011-05-06 blocker review meeting. Rejected as NTH because it appears as if all parties agree that a fix in the F15 isn't practical but the change needs to be documented.
If a tested fix becomes available, it can be re-proposed as NTH.
So, I think this is actually fixable properly. We probably could teach systemd to deallocate a VT before invoking getty on it. The deallocation step should release the scrollback buffer completely (at least I hope, haven't tried it, but I'd bet on it).
We wanted to add support for vhangup() on the ttys anyway, in order to ensure that the processes we start are guaranteed to be the only ones accessing it. Adding an option to flush the VT scrollback buffer should be relatively easy and could be exposed via the same (or similar) configuration options.
So I am all for fixing this in systemd, rather then agetty, since whatever process we start we probably want to offer the same vhangup/screen clear options.
This is not fixed properly in systemd git. With a suitably new kernel we will now issue an escape sequence that clears the scrollback buffer when getty is run.
This is now in Rawhide.