Re: possible security flaw in screen 3.9.5-9
On Fri, Sep 08, 2000 at 02:06:15PM +0100, Tim Haynes wrote:
> CaT <firstname.lastname@example.org> writes:
> [snip sensible stuff]
> > As such I reckon it's best if the screen directory is left in /tmp where
> > the authors initially put it. It's inconvenient but doesn't cause the
> > problems above.
> No indeed, but you have problems with folks who periodically clean out
> their /tmp directories, especially based on age of files... choice of two
Well, I'd rather the one without the hole in it. :) But also, on this vein:
$ ll /tmp
1 drwxrwxrwt 6 root root 1024 Sep 8 19:18 .
1 drwxr-xr-x 20 root root 1024 Sep 7 11:28 ..
1 -r--r--r-- 1 root root 11 Sep 7 11:31 .X0-lock
1 drwxrwxrwt 2 root root 1024 Sep 7 11:31 .X11-unix
1 drwxrwxrwt 2 root root 1024 Sep 7 11:31 .font-unix
Same problem would happen with X. You could make it somewhat inconvenient
to remove it by making the dir .screens. That's the solution I used on my
box at home.
> Something else I was wondering. The problem was with a setuid version of
> screen. I have:
> zsh, potato 2:04PM # ll `which screen`
> -rwxr-sr-x 1 root utmp 216380 Sep 2 16:52 /usr/bin/screen*
> zsh, potato 2:04PM #
> The impossible question, someone tell me I'm an idiot: is there anything
> exploitable through being setgid-utmp? :]
I'm not gonna pretend to have enough clue to be able to answer this. ;)
'He had position, but I was determined to score.'
-- Worf, DS9, Season 5: 'Let He Who Is Without Sin...'