[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: possible security flaw in screen 3.9.5-9

On Fri, Sep 08, 2000 at 05:54:32PM -0800, Ethan Benson wrote:
> i think this is a bad idea, if another hole is found in screen then
> users can spy on other users sessions. as it is now if a hole is in
> screen users can mess with the utmp file, thats it. which is not that big a
> deal.  (i have had lots of buggy programs which screw that up anyway) 

How will they do that if the only thing owned by screen are the directories?
You can always do fstat after an open.
Debian GNU/Linux 2.2 is out! ( http://www.debian.org/ )
Email:  Herbert Xu ~{PmV>HI~} <herbert@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt

Reply to: