[5279] in bugtraq
Re: Small bug in screen-3.7.1
daemon@ATHENA.MIT.EDU (Matt Fisher)
Mon Sep 15 17:04:32 1997
Date: Mon, 15 Sep 1997 12:35:01 -0700
Reply-To: Matt Fisher <mfisher@AISTRAT.COM>
From: Matt Fisher <mfisher@AISTRAT.COM>
X-To: gershwin <gershwin@ORCI.COM>
To: BUGTRAQ@NETSPACE.ORG
That has been a small problem with screen for many years, the easiest
solution is to change the SOCKDIR in config.h.in from /tmp/screens to /tmp.
That way each user's S-userid directory will be created in the tmp
directory. That avoids the issue of the first random user owning the
screens directory and since /tmp has the sticky bit set you don't have to
worry about a user deleting another users screen directory.
Matt
---
Matt Fisher <mfisher@aistrat.com> - http://mfisher.ml.org/~mfisher/
PH# 425-803-3213 - Fax# 425-803-9084
On Monday, September 15, 1997 11:11 AM, gershwin [SMTP:gershwin@ORCI.COM]
wrote:
> Sorry if this is old news, but I have not seen anything about it.
> I have noticed a small bug in screen-3.7.1 when it is run un suid
> When a system is rebooted the /tmp/screens directory is removed, the
first
> time screen is run it makes /tmp/screens owned by the user that envoked
it,
> *with that users umask*
>
> bullwinkle: {1115} % ls -al /tmp
> drwx------ 3 gershwin wheel 512 Sep 15 12:00 screens
>
> The next time a user tries to run screen they will get a error message
>
> bullwinkle: {1119} % screen
> Directory '/tmp/screens' must have mode 777.
>
> I can change /tmp/screens to 777 and other users can use it normaly.
>
> but with a system user other than root owning the /tmp/screens directory
> he/she could remove other users screens, nothing major but just annoying.
>
> This has been tested on bsdi 2.0-3.0 and Linux
>
> Logan Gabriel -- gershwin@orci.com
> If NT's the answer, you dont understand the question.
