screen-devel
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [screen-devel] [bug #50142] root exploit 4.5.0

From: Jürgen Weigert
Subject: Re: [screen-devel] [bug #50142] root exploit 4.5.0
Date: Thu, 26 Jan 2017 18:18:16 +0100 
Hey Alex, I can reproduce the following:

rm -f bla
touch bla
screen -L bla
 -> file bla still owned by myself  and filled in with log file contents.

rm -f bla
screen -L bla
 -> file bla created with owner root and filled in with log file contents.

sudo rm -f bla
echo hello world | sudo dd od=bla
screen -L bla
 -> file bla still owned by root but truncated to length 0.


Reverting the initial write check
http://git.savannah.gnu.org/cgit/screen.git/commit/?h=screen-v4&id=5460f5d28c01a9a58e021eb1dffef2965e629d58
should fix it. Please test. Please let me know as soon as I can test.

cheers, JW-

PS: when I first saw the code I wondered what the use case was and
immediatly thought of an exploit. But with the initial test and
everything I was conviced it should be good. Damed...


On Tue, Jan 24, 2017 at 11:23 PM, Alex Naumov
<address@hidden> wrote:
> Hi Axel,
>
> I also can't reproduce it, but it's depend on how do you install
> GNU screen and which security mechanisms do you use in your OS.
>
> There is 2 very nasty bugs and one of them is security related...
>
> As I said, I'm working on that and going to release 4.5.1 as a
> security/bugfix release next month.
>
reply via email to
[Prev in Thread] Current Thread [Next in Thread]