Bug#519339: ITP: tmux -- an alternative to screen, licensed under 3-BSD
On Sat, 14 Mar 2009, Mike Hommey <firstname.lastname@example.org> wrote:
> > [Mike Hommey]
> > > Screen does that too, so that would hardly be less secure than screen.
> > Well, if by "in /tmp" you mean "in /var/run/screen".
> Well, that's a Debian thing. Upstream default is /tmp/screens, and last
> time I checked on RH, it was there too.
RHEL 5.2 has /var/run/screen. Debian/Lenny and RHEL 5.2 work in a similar
way, you have a setgid screen program and the /var/run/screen directory is
writable by the group. In Debian there is an init.d script to create that
directory (presumably to support tmpfs /var/run) while in RHEL it is
installed as part of the package.
RHEL 4.7 has the directory /tmp/screens for root and /tmp/uscreens for user
sessions. /tmp/uscreens is owned by the first non-root user who ran screen
and group writable. If that user is hostile (or even clueless) then "chmod
700 /tmp/uscreens" will make it unusable for others. I don't know whether
they can do anything really bad, screen appears to check the ownership of the
socket so it should be OK apart from DOS attacks.