Re: misc/screen local root compromise
- To: ports_(_at_)_openbsd_(_dot_)_org
- Subject: Re: misc/screen local root compromise
- From: Han <han_(_at_)_mijncomputer_(_dot_)_nl>
- Date: Thu, 6 Sep 2001 04:47:06 +0200
- Mail-followup-to: ports_(_at_)_openbsd_(_dot_)_org
Josha Bronson (dmuz_(_at_)_slartibartfast_(_dot_)_angrypacket_(_dot_)_com) wrote:
> On Thu, Sep 06, 2001 at 04:23:07AM +0200, Han said:
>> David Krause (openbsd_(_at_)_davidkrause_(_dot_)_com) wrote:
[snip: suid exploit for screen]
>> http://www.acm.uiuc.edu/workshops/security/setuid.html
>> Any good reason for screen to be suid?
> According to what I can gather from the man page
<blush> *Ahem*
> to specify a non-user writable directory for sockets
Excuse me. What would not work because of that?
> or to allow attaching other users' screen sessions where permitted.
Nope, just log on as the other user (ssh) and screen -x. Much more
practical. Change the password if necessary.
> Are there other reasons?
/me ponders.
</blush>
Cya, Han.