[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: possible security flaw in screen 3.9.5-9



On Sat, Sep 09, 2000 at 01:10:23PM +1100, Herbert Xu wrote:
> 
> How will they do that if the only thing owned by screen are the directories?
> You can always do fstat after an open.

oh i misunderstood you, what would happen if they removed the socket?
i would guess nothing if sockets work like any other file if they are
`open'


i still maintain that users owning a directory in /var/run/screen is
not really a big deal since there are loads of world writable
directories in /var.  maybe if tex is fixed i might be convinced.  

-- 
Ethan Benson
http://www.alaska.net/~erbenson/

Attachment: pgpP7mFCsz241.pgp
Description: PGP signature


Reply to: