[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[screen-devel] [bug #45582] Race condition creating the socket directori
From: |
Juergen Weigert |
Subject: |
[screen-devel] [bug #45582] Race condition creating the socket directories |
Date: |
Mon, 20 Jul 2015 10:44:35 +0000 |
User-agent: |
Mozilla/5.0 (X11; Linux x86_64; rv:37.0) Gecko/20100101 Firefox/37.0 |
Follow-up Comment #2, bug #45582 (project screen):
The race mentioned here, is that screen refuses to start, when the SockPath or
SockDir is created by another process in a very specifc moment. Nothing bad
actually happens, user can retry.
Another possible race is that some malicious code tries to
swap directories in the right moment so that screen would do write(), chmod(),
chown()... on other files/directories than intended.
If such a race succeeds, it could be used to exploit the suid bit that screen
has on some systems to gain access to otherwise inaccessible data or corrupt
other data.
Swapping directories can be done very fast by flipping symlinks back and
forth.
I see the user friendly effect of not aborting, when everything is okay. But I
also see the danger that patching the code to be more permissive during
startup, might open the gap for such exploits. Beware!
_______________________________________________________
Reply to this item at:
<http://savannah.gnu.org/bugs/?45582>
_______________________________________________
Message sent via/by Savannah
http://savannah.gnu.org/