Re: possible security flaw in screen 3.9.5-9

To: Ethan Benson <erbenson@alaska.net>
Cc: debian-security@lists.debian.org
Subject: Re: possible security flaw in screen 3.9.5-9
From: Herbert Xu <herbert@gondor.apana.org.au>
Date: Sat, 9 Sep 2000 13:10:23 +1100
Message-id: <[🔎] 20000909131023.A15381@gondor.apana.org.au>
In-reply-to: <[🔎] 20000908175431.A4439@plato.local.lan>; from erbenson@alaska.net on Fri, Sep 08, 2000 at 05:54:32PM -0800
References: <[🔎] 20000909000019.N4385@zip.com.au> <[🔎] 200009082330.e88NUQE12503@gondor.apana.org.au> <[🔎] 20000908175431.A4439@plato.local.lan>

On Fri, Sep 08, 2000 at 05:54:32PM -0800, Ethan Benson wrote:
> 
> i think this is a bad idea, if another hole is found in screen then
> users can spy on other users sessions. as it is now if a hole is in
> screen users can mess with the utmp file, thats it. which is not that big a
> deal.  (i have had lots of buggy programs which screw that up anyway) 

How will they do that if the only thing owned by screen are the directories?
You can always do fstat after an open.
-- 
Debian GNU/Linux 2.2 is out! ( http://www.debian.org/ )
Email:  Herbert Xu ~{PmV>HI~} <herbert@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt

Reply to:

Follow-Ups:
- Re: possible security flaw in screen 3.9.5-9
  - From: Ethan Benson <erbenson@alaska.net>

References:
- possible security flaw in screen 3.9.5-9
  - From: CaT <cat@zip.com.au>
- Re: possible security flaw in screen 3.9.5-9
  - From: Herbert Xu <herbert@gondor.apana.org.au>
- Re: possible security flaw in screen 3.9.5-9
  - From: Ethan Benson <erbenson@alaska.net>

Prev by Date: Re: possible security flaw in screen 3.9.5-9
Next by Date: Re: possible security flaw in screen 3.9.5-9
Previous by thread: Re: possible security flaw in screen 3.9.5-9
Next by thread: Re: possible security flaw in screen 3.9.5-9
Index(es):
- Date
- Thread