Re: possible security flaw in screen 3.9.5-9

To: Herbert Xu <herbert@gondor.apana.org.au>
Cc: debian-security@lists.debian.org
Subject: Re: possible security flaw in screen 3.9.5-9
From: Ethan Benson <erbenson@alaska.net>
Date: Fri, 8 Sep 2000 18:20:19 -0800
Message-id: <[🔎] 20000908182018.C4439@plato.local.lan>
In-reply-to: <[🔎] 20000909131023.A15381@gondor.apana.org.au>; from herbert@gondor.apana.org.au on Sat, Sep 09, 2000 at 01:10:23PM +1100
References: <[🔎] 20000909000019.N4385@zip.com.au> <[🔎] 200009082330.e88NUQE12503@gondor.apana.org.au> <[🔎] 20000908175431.A4439@plato.local.lan> <[🔎] 20000909131023.A15381@gondor.apana.org.au>

On Sat, Sep 09, 2000 at 01:10:23PM +1100, Herbert Xu wrote:
> 
> How will they do that if the only thing owned by screen are the directories?
> You can always do fstat after an open.

oh i misunderstood you, what would happen if they removed the socket?
i would guess nothing if sockets work like any other file if they are
`open'

i still maintain that users owning a directory in /var/run/screen is
not really a big deal since there are loads of world writable
directories in /var.  maybe if tex is fixed i might be convinced.  

-- 
Ethan Benson
http://www.alaska.net/~erbenson/

Attachment: pgpRDDaWcD_in.pgp
Description: PGP signature

Reply to:

References:
- possible security flaw in screen 3.9.5-9
  - From: CaT <cat@zip.com.au>
- Re: possible security flaw in screen 3.9.5-9
  - From: Herbert Xu <herbert@gondor.apana.org.au>
- Re: possible security flaw in screen 3.9.5-9
  - From: Ethan Benson <erbenson@alaska.net>
- Re: possible security flaw in screen 3.9.5-9
  - From: Herbert Xu <herbert@gondor.apana.org.au>

Prev by Date: Re: possible security flaw in screen 3.9.5-9
Next by Date: Re: possible security flaw in screen 3.9.5-9
Previous by thread: Re: possible security flaw in screen 3.9.5-9
Next by thread: Re: possible security flaw in screen 3.9.5-9
Index(es):
- Date
- Thread