[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: misc/screen local root compromise

To: ports_(_at_)_openbsd_(_dot_)_org
Subject: Re: misc/screen local root compromise
From: Han <han_(_at_)_mijncomputer_(_dot_)_nl>
Date: Thu, 6 Sep 2001 12:14:18 +0200
Mail-followup-to: ports_(_at_)_openbsd_(_dot_)_org

John Wright (john_(_at_)_dryfish_(_dot_)_org) wrote:
> On Thu, Sep 06, 2001 at 04:23:07AM +0200, Han wrote:
> > David Krause (openbsd_(_at_)_davidkrause_(_dot_)_com) wrote:
> > > http://www.linuxsecurity.com/advisories/suse_advisory-1594.html

> > > [...]

> > http://www.acm.uiuc.edu/workshops/security/setuid.html

> > Any good reason for screen to be suid?

> Writing to utmp.
> chown `tty`

> Last one being the most concerning because, otherwise, everyone has access
> to your tty.

Right. Lets update that port. 

Marc accidentaly replied my other question to the misc.
>> I noticed that Brad has updated the port. Good Job but this port is
>> not available for TRACKING_SWITCH. Eh would that be possible?

> No, just grab the port from the OPENBSD_2_9 branch. 

So I changed the portstag and did:
cvsup -g -L 2 -i ports/misc/screen /etc/cvs-supfile 


Cya, Han.

References:
- misc/screen local root compromise
  - From: David Krause
- Re: misc/screen local root compromise
  - From: Han
- Re: misc/screen local root compromise
  - From: John Wright

Prev by Date: Re: misc/screen local root compromise
Next by Date: Ports Recommendations.
Previous by thread: Re: misc/screen local root compromise
Next by thread: Re: misc/screen local root compromise
Index(es):
- Date
- Thread

Visit your host, monkey.org