Re: possible security flaw in screen 3.9.5-9

To: Michael Stone <mstone@debian.org>
Cc: debian-security@lists.debian.org
Subject: Re: possible security flaw in screen 3.9.5-9
From: CaT <cat@zip.com.au>
Date: Sat, 9 Sep 2000 00:20:09 +1100
Message-id: <[🔎] 20000909002009.O4385@zip.com.au>
In-reply-to: <[🔎] 20000908091238.Q8493@justice.loyola.edu>; from mstone@debian.org on Fri, Sep 08, 2000 at 09:12:38AM -0400
References: <[🔎] 20000909000019.N4385@zip.com.au> <[🔎] 20000908091238.Q8493@justice.loyola.edu>

On Fri, Sep 08, 2000 at 09:12:38AM -0400, Michael Stone wrote:
> On Sat, Sep 09, 2000 at 12:00:19AM +1100, CaT wrote:
> > a. a possible way around quotas set on /home b. a method of fully
> > filling up /var, thereby potentially causing log entries to be
> > lost which, in turn, gives the user anice, untracable way of then
> 
> How would this be different from putting things in /var/tmp,

Make /var/tmp a seperate partition. I've already seen /var/tmp
severly screwup a system when it was part of /var. (I also always
make /tmp a seperate partition)

> /var/lock, etc.?

Hmmm. Interesting. Why is it so? Redhat at least doesn't appear
to have it globally writeable (at least the systems I just checked)
so does it really need to be? (don't take this as a redhat vs debian 
thing but more of a 'I've got an example to the contrary' thing :)

-- 
CaT (cat@zip.com.au)

	'He had position, but I was determined to score.'
		-- Worf, DS9, Season 5: 'Let He Who Is Without Sin...'

Reply to:

References:
- possible security flaw in screen 3.9.5-9
  - From: CaT <cat@zip.com.au>
- Re: possible security flaw in screen 3.9.5-9
  - From: Michael Stone <mstone@debian.org>

Prev by Date: Re: libc6 for woody?
Next by Date: Re: possible security flaw in screen 3.9.5-9
Previous by thread: Re: possible security flaw in screen 3.9.5-9
Next by thread: Re: possible security flaw in screen 3.9.5-9
Index(es):
- Date
- Thread