[7719] in bugtraq


Re: Screen tmp race temp fix

daemon@ATHENA.MIT.EDU (David Luyer)
Wed Aug 19 22:34:22 1998

Date: 	Thu, 20 Aug 1998 09:33:40 +0800
Reply-To: David Luyer <luyer@UCS.UWA.EDU.AU>
From: David Luyer <luyer@UCS.UWA.EDU.AU>
X-To:         Michal Zalewski <lcamtuf@IDS.PL>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To:  Your message of "Sun, 16 Aug 1998 14:21:24 +0200." 
              <Pine.LNX.4.00.9808161420410.281-100000@lcamtuf.ids.pl>

> On Tue, 18 Aug 1998 marcelo@FREAK.CONECTIVA.COM.BR wrote:
>
> > Here goes a temporary fix for screen /tmp race.
>
> Here goes a fix for all screen problems:
>
> export SCREENDIR=~/screen
> chmod 755 /usr/bin/screen

Now you've just opened up the "non-SUID screen can't set tty permissions" problem.
The pty and tty associated with screen will be mode 666 (normal for the pty,
not so normal for the tty).

Now you can:
  * write to the tty
  * read from the tty (you have to do the echo back yourself, or not echo back
    if you're pretending to be reading a password, and this might not always
    work straight off - usually from the first time they press enter, although
    appropriate ioctl()'s might fix that)
  * stty their tty (e.g., stty echo </dev/tty??).

Anyway, it's not the quick fix you imply it is.

A more minor problem is that screen can't read the shadowed password file if
there is one, and when someone locks the screen and walks away, they might not
realise that this copy of screen is non-SUID, so it sits there asking them
what password to use.

David.
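
Added example, not part of the original message: a Python audit that reports terminal devices whose mode grants access to "other" users, mapped to the three capabilities listed above (mode 666 grants all of them). The function names and the device name patterns are assumptions for illustration.

```python
import glob
import os
import stat

# What each "other" permission bit on a terminal device gives any local user,
# following the three items in the message. Changing settings with
# `stty ... </dev/ttyXX` only needs the device opened for reading.
OTHER_BITS = (
    (stat.S_IROTH, "read input typed on the tty"),
    (stat.S_IROTH, "change its settings (stty </dev/ttyXX)"),
    (stat.S_IWOTH, "write to the tty"),
)


def exposures(mode):
    """List what users other than owner and group can do with this mode."""
    return [what for bit, what in OTHER_BITS if mode & bit]


def audit_terminals(paths, require_chardev=True):
    """Map each exposed terminal path to its list of exposures."""
    findings = {}
    for path in paths:
        try:
            st = os.stat(path)
        except OSError:
            continue  # device went away or cannot be examined
        if require_chardev and not stat.S_ISCHR(st.st_mode):
            continue  # only character devices are terminals
        found = exposures(st.st_mode)
        if found:
            findings[path] = found
    return findings


if __name__ == "__main__":
    # Assumed naming patterns; /dev/tty itself is deliberately not matched,
    # since it is only an alias for the caller's own controlling terminal.
    devices = glob.glob("/dev/pts/[0-9]*") + glob.glob("/dev/tty[a-zA-Z0-9]*")
    for path, found in sorted(audit_terminals(devices).items()):
        print(path + ": others can " + "; ".join(found))
```

Run it while a non-SUID screen session is active; any pseudo-terminal slave it reports is one that screen could not chown or chmod for its user.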
