Bugtraq mailing list archives
Small bug in screen-3.7.1
From: gershwin () ORCI COM (gershwin)
Date: Mon, 15 Sep 1997 12:11:19 -0600
Sorry if this is old news, but I have not seen anything about it. I have noticed a small bug in screen-3.7.1 when it is run un suid When a system is rebooted the /tmp/screens directory is removed, the first time screen is run it makes /tmp/screens owned by the user that envoked it, *with that users umask* bullwinkle: {1115} % ls -al /tmp drwx------ 3 gershwin wheel 512 Sep 15 12:00 screens The next time a user tries to run screen they will get a error message bullwinkle: {1119} % screen Directory '/tmp/screens' must have mode 777. I can change /tmp/screens to 777 and other users can use it normaly. but with a system user other than root owning the /tmp/screens directory he/she could remove other users screens, nothing major but just annoying. This has been tested on bsdi 2.0-3.0 and Linux Logan Gabriel -- gershwin () orci com If NT's the answer, you dont understand the question.
Current thread:
- Re: stealth port scanning Fyodor (Sep 08)
- Re: stealth port scanning Duncan Simpson (Sep 08)
- Re: stealth port scanning Alan Cox (Sep 08)
- Security Bulletins Digest Aleph One (Sep 09)
- AIX bugfiler Aleph One (Sep 09)
- FTP compromise. Aleph One (Sep 09)
- OpenBSD Security Advisory: BSD I/O Signals Thomas H. Ptacek (Sep 14)
- Re: OpenBSD Security Advisory: BSD I/O Signals Alan Cox (Sep 15)
- Small bug in screen-3.7.1 gershwin (Sep 15)