Bugtraq mailing list archives
Re: Screen tmp race temp fix
From: luyer () UCS UWA EDU AU (David Luyer)
Date: Thu, 20 Aug 1998 09:33:40 +0800
On Tue, 18 Aug 1998 marcelo () FREAK CONECTIVA COM BR wrote:Here goes a temporary fix for screen /tmp race.Here goes a fix for all screen problems: export SCREENDIR=~/screen chmod 755 /usr/bin/screen
Now you've just opened up the nonsuid screen can't set tty permissions problem.
The pty and tty associated with screen will be mode 666 (normal for the pty,
not so normal for the tty).
Now you can;
* write to the tty
* read from the tty (you have to do the echo back yourself, or not echo back
if you're pretending to be reading a password, and this might not always
work straight off - usually from the first time they press enter, although
appropriate ioctl()'s might fix that)
* stty their tty (eg, stty echo </dev/tty??).
Anyway, it's not the quick fix you imply it is.
A more minor problem is that screen can't read the shadowed password file if
there is one and when someone locks the screen and walks away, they might not
realise that this copy of screen is non-SUID so it sits there asking them
what password to use.
David.
Current thread:
- Re: Screen tmp race temp fix Michal Zalewski (Aug 16)
- Re: Screen tmp race temp fix David Luyer (Aug 19)
- [NTSEC] (It gets worse) NT vulnerable to DOS attack on more than Bob Beck (Jan 25)
- firewall-1: old broadcast address hole? Tom Vandepoel (Apr 24)
- another irix buffer overflow... David Hedley (May 26)
- one last one for this evening... David Hedley (May 26)
- Vulnerability Database Matt Barrie (Jun 22)
- perl version of that tin opener (IOS decrypt.c) Riku Meskanen (Jan 11)
- pnserver exploit.. Aleph One (Jan 15)
- Universal Wrapper Willy TARREAU (Mar 03)
- Re: Screen tmp race temp fix Philip Guenther (Aug 19)
- Retraction and apology route () RESENTMENT INFONEXUS COM (Aug 20)
(Thread continues...)
- Re: Screen tmp race temp fix David Luyer (Aug 19)