This is a problem present in screen 3.7.4. When a user uses ^A > in screen to save whatever he has cut, the file /tmp/screen-exchange is created. This file contains whatever was in the cut buffer at the time. This can be exploite If a normal user links /tmp/screen-exchange to a sensetive file, such as /etc/passwd, whenever root uses ^A > to save his buffer to file, whatever file /tmp/screen-exchage is linked to, is overwritten. This is bad. vel0city velocityat_private
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:06:45 PDT