possible security flaw in screen 3.9.5-9
After installing this utility (which has to be amongst my very
favourite) I noticed something interesting int he way it behaves.
Basically, screen does what I first thought of when compiling it
for myself, which is to put its pipes in /var/run/screen.
What screen does there is to create subdirs which are then used
to hold a users pipes. Now these subdirs are owned by the user
that runs screen. The hassle with this is that it gives the user
a. a possible way around quotas set on /home b. a method of fully
filling up /var, thereby potentially causing log entries to be
lost which, in turn, gives the user anice, untracable way of then
doing naughty things without those naughty things getting logged.
Said user can then rm the large file they created and noone would
be any the wiser.
As such I reckon it's best if the screen directory is left in
/tmp where the authors initially put it. It's inconvenient but
doesn't cause the problems above.
'He had position, but I was determined to score.'
-- Worf, DS9, Season 5: 'Let He Who Is Without Sin...'