getty: also clear console scrollback

[ttyva]

If clearing the screen, also try to clear the vt/syscons history.

Being able to scroll up and see the last session's output after clearing is somewhat unexpected to me. This is my suggestion. Tested on vt(4) and Tektronix 4014 via serial.

Thank you!

[github-actions]

Thank you for taking the time to contribute to FreeBSD!

All issues resolved.

[concussious]

This would break a lot of workflows. If you want to stop scrollback at the login screen, maybe you could add a security sysctl to optionally disable scrollback from that login screen?

[ttyva]

If you say so. This wouldn't impact a default installation. I'm not sure what the purpose of a sysctl would be. If you prefer the history clearing to be configurable separately from clearing the screen, a new gettytab capability seems more appropriate. Is that what you mean?

By the way, the motivation for this is that, besides being good hygiene, clearing the scrollback buffer on logout is required for SOC 2 and probably other certifications, and auditors have said that "trap 'vidcontrol -C' EXIT" or similar are not sufficient because it's not system configuration.

[concussious]

I was thinking a sysctl security.bsd.clear_scrollback_on_logout (or whatever is more appropriate). If the sysctl is set to 1, then it will behave as you are suggesting. It defaults to 0, which means that it will behave the way it's been behaving.

Then, you could create this compliance and hardening without violating POLA (the rule about not changing behavior that's always been that way).

[kevans91]

I was thinking a sysctl security.bsd.clear_scrollback_on_logout (or whatever is more appropriate). If the sysctl is set to 1, then it will behave as you are suggesting. It defaults to 0, which means that it will behave the way it's been behaving.

Then, you could create this compliance and hardening without violating POLA (the rule about not changing behavior that's always been that way).

I think you've overlooked the point that they're trying to make: the path they're changing requires the user to consciously define the terminal type to do a screen clear in /etc/gettytab, then switch /etc/ttys to use that. None of the default types will do it, so this is already an administrative request to clear the screen.

I think this change seems fine...

[kevans91]

I recommend this small tweak in the commit message:

-getty: also clear console scrollback
+getty: also clear console scrollback for `cl`-configured terminals

[concussious]

Should this patch update the cl line in the CAPABILITIES section of gettytab(1)?

[kevans91]

Should this patch update the cl line in the CAPABILITIES section of gettytab(1)?

I don't think so, but I would probably update the below paragraph that mentions the cl delay to note that we'll also attempt to clear scrollback.