David Luyer <luyerat_private> writes: ... >Now you've just opened up the nonsuid screen can't set tty permissions problem. Only on OSes that use BSD ttys. The sysV style pts clone device does not suffer from this as the chowning and chmoding is done for you via a suid helper program called from the grantpt() routine. >A more minor problem is that screen can't read the shadowed password file if >there is one and when someone locks the screen and walks away, they might not >realise that this copy of screen is non-SUID so it sits there asking them >what password to use. I just checked the source, and if it can't get the password via getpwnam and getspnam fails, then it just asks for one when you lock the screen. The deficiency that you forgot was the inability of screen to update utmp on OSes where utmp isn't world writable (good!) and that don't have some libc routine that calls a setuid root program to do the update for the program. The result is that screen is crippled or insecure when not setuid on BSDish systems, while it gets by pretty well on sysVish ones. I run it here under Solaris 2.5 and 2.6 without it being setuid and without any loss of functionality, except the lock password, and that's what xlock is for. The one other place I can think of in screen which really deserves a going over is the client-server protocol code: if someone can open the screen socket/pipe, can they crash the server or exploit a buffer overflow? Philip Guenther ---------------------------------------------------------------- Philip Guenther UNIX Systems and Network Administrator Internet: guentherat_private Voicenet: (507) 933-7596 Gustavus Adolphus College St. Peter, MN 56082-1498
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:13:15 PDT