screen problems

From: is it time? (velocityat_private)
Date: Mon Jul 20 1998 - 18:30:05 PDT

Next message: Allanah Myles: "Re: EMERGENCY: new remote root exploit in UW imapd"

Previous message: Brad Powell: "Re: Security risk with powermanagemnet on Solaris 2.6"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This is a problem present in screen 3.7.4.  When a user uses ^A > in screen
to save whatever he has cut, the file /tmp/screen-exchange is created.  This
file contains whatever was in the cut buffer at the time.  This can be exploite
If a normal user links /tmp/screen-exchange to a sensetive file, such as
/etc/passwd, whenever root uses ^A > to save his buffer to file, whatever
file /tmp/screen-exchage is linked to, is overwritten.  This is bad.

vel0city
velocityat_private

Next message: Allanah Myles: "Re: EMERGENCY: new remote root exploit in UW imapd"
Previous message: Brad Powell: "Re: Security risk with powermanagemnet on Solaris 2.6"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:06:45 PDT