RE: problem using screen after running /bin/su

[Joe Zbiciak]

(oops, a resend that includes the list)



If you open the magic "/dev/tty", the kernel will give
you a file handle that points to the same pseudo-terminal
as /dev/pts/<#>.  

Screen opens /dev/pts/<#>, not /dev/tty.  Likely, other
programs are opening /dev/tty.  

Perhaps screen should implement a fallback -- if it can't
open /dev/pts/<#>, try opening /dev/tty as a last resort?  
It can still put /dev/pts/<#> in utmp if it's updating
utmp.

Regards,

--Joe
--- David Balazic <address@hidden> wrote:

> >From your explanation I don't see why all other programs
> work ( can read and
> write the tty ),
> while screen can't.
> 
> 
> > ----------
> > From:
> >
>
address@hidden:screen-users-bou
> > address@hidden on behalf of
> Juergen
> > Weigert[SMTP:address@hidden
> > Reply To:   address@hidden
> > Sent:       27. avgust 2004 18:45
> > To:         Felix E. Klee
> > Cc:         address@hidden
> > Subject:    Re: problem using screen after running
> /bin/su
> > 
> > On Aug 27, 04 17:50:33 +0200, Felix E. Klee wrote:
> > > On Fri, 27 Aug 2004 08:39:48 -0700 (PDT) Edward
> Quillen wrote:
> > > > Cannot open your terminal '/dev/pts/4' - please
> check.
> > > 
> > > I have the same problem under Linux. I found out that
> the device is
> > > owned by the user who started the terminal
> (emulator). Ordinary users
> > > cannot read/write from/to that device. 
> > 
> > And this is very good, the way it is. Otherwise, your
> 'ordinary user'
> > could
> > try to read from the device while you were typing your
> password.
> > 
> > > The device seems to be central
> > > for IO; for example issuing
> > > 
> > >     echo "hello" > /dev/pts/4
> > 
> > Writing to a foreign tty is only a mild annouyance. 
> > But reading is a security risk.
> > 
> > > should output "hello" in the terminal. It's a while
> ago that I searched
> > > the web. All I could find were people saying that the
> above problem is a
> > > bug in screen.
> > 
> > What looks like a bug is actually a hand-crafted
> security feature.
> > Annoying sometimes, but protecting the innocent.
> > 
> > > 
> > > A workaround may involve setting the needed
> permissions before su'ing.
> > 
> > Correct. Best is to chown the device. A group or world
> readable tty is an
> > invitation to hackers. Or simply have your 'su' shell
> within the screen
> > session, if that is possible.
> > 
> >         cheers,
> >                 Jw.
> > 
> > -- 
> >  o \  Juergen Weigert      unix-software __/
> _=======.=======_     
> > <V> | address@hidden         creator    __/       
> _---|____________\/    
> >  \  |            0179/2069677      __/          (____/ 
>           /\
> > (/) | ____________________________/              _/ \_
> vim:set sw=2 wm=8
> > 
> > 
> > _______________________________________________
> > screen-users mailing list
> > address@hidden
> > http://lists.gnu.org/mailman/listinfo/screen-users
> > 
> 
> 
> _______________________________________________
> screen-users mailing list
> address@hidden
> http://lists.gnu.org/mailman/listinfo/screen-users
> 


=====
We sell Spatulas, and that's all!
http://spatula-city.org/~im14u2c/
http://sdk1600.spatula-city.org/
http://intyos.spatula-city.org/