[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: possible security flaw in screen 3.9.5-9



On Sat, Sep 09, 2000 at 10:30:26AM +1100, Herbert Xu wrote:
> CaT <cat@zip.com.au> wrote:
> >
> > What screen does there is to create subdirs which are then used
> > to hold a users pipes. Now these subdirs are owned by the user
> > that runs screen. The hassle with this is that it gives the user
> 
> What about making screen setuid screen and make screen the owner of those
> directories?

i think this is a bad idea, if another hole is found in screen then
users can spy on other users sessions. as it is now if a hole is in
screen users can mess with the utmp file, thats it. which is not that big a
deal.  (i have had lots of buggy programs which screw that up anyway) 

-- 
Ethan Benson
http://www.alaska.net/~erbenson/

Attachment: pgpvthzpGmfoO.pgp
Description: PGP signature


Reply to: