
Re: possible security flaw in screen 3.9.5-9

On Fri, Sep 08, 2000 at 02:06:15PM +0100, Tim Haynes wrote:
> CaT <cat@zip.com.au> writes:
> 
> [snip sensible stuff]
> > As such I reckon it's best if the screen directory is left in /tmp where
> > the authors initially put it. It's inconvenient but doesn't cause the
> > problems above.
> 
> No indeed, but you have problems with folks who periodically clean out
> their /tmp directories, especially based on age of files... choice of two
> evils.

Well, I'd rather the one without the hole in it. :) But also, on this vein:

$ ll /tmp
total 19
   1 drwxrwxrwt    6 root     root         1024 Sep  8 19:18 .
   1 drwxr-xr-x   20 root     root         1024 Sep  7 11:28 ..
   1 -r--r--r--    1 root     root           11 Sep  7 11:31 .X0-lock
   1 drwxrwxrwt    2 root     root         1024 Sep  7 11:31 .X11-unix
   1 drwxrwxrwt    2 root     root         1024 Sep  7 11:31 .font-unix

Same problem would happen with X. You could make it somewhat inconvenient
to remove it by making the dir .screens. That's the solution I used on my
box at home.

> Something else I was wondering. The problem was with a setuid version of
> screen. I have:
> 
>     zsh, potato  2:04PM # ll `which screen`
>     -rwxr-sr-x    1 root     utmp       216380 Sep  2 16:52 /usr/bin/screen*
>     zsh, potato  2:04PM # 
> 
> The impossible question, someone tell me I'm an idiot: is there anything
> exploitable through being setgid-utmp? :]

I'm not gonna pretend to have enough clue to be able to answer this. ;)

-- 
CaT (cat@zip.com.au)

	'He had position, but I was determined to score.'
		-- Worf, DS9, Season 5: 'Let He Who Is Without Sin...'
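As an added example that is not part of the original thread: the checks a program (or an admin) would want to make on a per-user socket directory like screen's before trusting it, wherever it lives. The function name `check_sockdir` is hypothetical and the script assumes GNU coreutils `stat`.

```shell
# check_sockdir DIR: return 0 if DIR is safe to use as a private socket
# directory, 1 otherwise (reason on stderr). Assumes GNU `stat`.
check_sockdir() {
    dir=$1
    parent=$(dirname "$dir")

    # Never follow a symlink: a link planted by another user in a shared
    # /tmp would redirect the sockets to a location they control.
    if [ -L "$dir" ]; then
        echo "$dir: is a symbolic link" >&2
        return 1
    fi
    if [ ! -d "$dir" ]; then
        echo "$dir: not a directory" >&2
        return 1
    fi

    # The directory must belong to the invoking user ...
    owner=$(stat -c '%u' "$dir")
    if [ "$owner" != "$(id -u)" ]; then
        echo "$dir: owned by uid $owner, not $(id -u)" >&2
        return 1
    fi

    # ... and grant no group/other access at all (mode 0700).
    mode=$(stat -c '%a' "$dir")
    if [ "$mode" != "700" ]; then
        echo "$dir: mode $mode, expected 700" >&2
        return 1
    fi

    # If the parent is world-writable (as /tmp is) it must carry the sticky
    # bit, or any user could rename or remove the directory out from under us.
    pmode=$(stat -c '%a' "$parent")
    case "$pmode" in
        *[2367])                      # other-write bit set on the parent
            case "$pmode" in
                [1357]???) ;;         # four-digit mode with sticky bit: fine
                *) echo "$parent: world-writable without sticky bit" >&2
                   return 1 ;;
            esac ;;
    esac
    return 0
}
```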