[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: misc/screen local root compromise

To: ports_(_at_)_openbsd_(_dot_)_org
Subject: Re: misc/screen local root compromise
From: John Wright <john_(_at_)_dryfish_(_dot_)_org>
Date: Thu, 6 Sep 2001 10:31:43 +0100
Reply-to: John Wright <john_(_at_)_dryfish_(_dot_)_org>

On Thu, Sep 06, 2001 at 04:23:07AM +0200, Han wrote:
> David Krause (openbsd_(_at_)_davidkrause_(_dot_)_com) wrote:
> > http://www.linuxsecurity.com/advisories/suse_advisory-1594.html
> 
> > [...]
> 
> http://www.acm.uiuc.edu/workshops/security/setuid.html
> 
> Any good reason for screen to be suid?

Writing to utmp.
chown `tty`

Last one being the most concerning because, otherwise, everyone has access
to your tty.

Follow-Ups:
- Re: misc/screen local root compromise
  - From: Han

References:
- misc/screen local root compromise
  - From: David Krause
- Re: misc/screen local root compromise
  - From: Han

Prev by Date: Re: misc/screen local root compromise
Next by Date: Re: misc/screen local root compromise
Previous by thread: Re: misc/screen local root compromise
Next by thread: Re: misc/screen local root compromise
Index(es):
- Date
- Thread

Visit your host, monkey.org