Re: misc/screen local root compromise
- To: ports_(_at_)_openbsd_(_dot_)_org
- Subject: Re: misc/screen local root compromise
- From: Han <han_(_at_)_mijncomputer_(_dot_)_nl>
- Date: Thu, 6 Sep 2001 12:14:18 +0200
- Mail-followup-to: ports_(_at_)_openbsd_(_dot_)_org
John Wright (john_(_at_)_dryfish_(_dot_)_org) wrote:
> On Thu, Sep 06, 2001 at 04:23:07AM +0200, Han wrote:
> > David Krause (openbsd_(_at_)_davidkrause_(_dot_)_com) wrote:
> > > http://www.linuxsecurity.com/advisories/suse_advisory-1594.html
> > > [...]
> > http://www.acm.uiuc.edu/workshops/security/setuid.html
> > Any good reason for screen to be suid?
> Writing to utmp.
> chown `tty`
> Last one being the most concerning because, otherwise, everyone has access
> to your tty.
Right. Let's update that port.
Marc accidentally replied to my other question on misc.
>> I noticed that Brad has updated the port. Good Job but this port is
>> not available for TRACKING_SWITCH. Eh would that be possible?
> No, just grab the port from the OPENBSD_2_9 branch.
So I changed the portstag and did:
cvsup -g -L 2 -i ports/misc/screen /etc/cvs-supfile