screen-users

Re: security issues with screen setuid root


From: Micah Cowan
Subject: Re: security issues with screen setuid root
Date: Sat, 06 Jun 2009 12:25:44 -0700
User-agent: Thunderbird 2.0.0.21 (X11/20090318)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Andreas Nitsche wrote:
> Hello list!
> 
> I'm new to this list and here's my first question.
> 
> I'd like to know which security issues are important when I'm setting
> screen setuid root.
> I tried that on one machine to use the multiuser feature of screen.
> Screen is not running as root and the shells inside aren't, either.

SCREEN (all-caps) is, though, and SCREEN does all the work. It has to be
root to spawn shells as other users.

To be honest, screen is rife with sloppy buffer usage, and multiply
re-implemented string-handling logic. I'll frankly be shocked if there
aren't some buffer overflows in there somewhere, so the possibility of
someone gaining full root access via screen is not zero. If you're
concerned about that, then you should probably see if you can find a
more secure means to accomplish what you need. :\

- --
Micah J. Cowan
Programmer, musician, typesetting enthusiast, gamer.
Maintainer of GNU Wget and GNU Teseq
http://micah.cowan.name/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iEYEARECAAYFAkoqwrgACgkQ7M8hyUobTrEQeQCggdMeyUqm2NRfoxyUpqPh1wLS
prwAnjBdQIfCd7PtaFx36f8D/xCZbvTT
=UmcR
-----END PGP SIGNATURE-----
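An added example, not part of the original message or of GNU screen: a shell check for the situation the reply describes, where the binary is installed setuid root and a long-running process holds root credentials even though the user's shells do not. It assumes GNU `stat` and Linux `/proc/PID/status`; the function names and the sample values in the comments are constructed.

```shell
#!/bin/sh
# Added example: audit a screen install and a running process's credentials.

# classify_mode OCTAL_MODE OWNER_UID
#   -> setuid-root | setuid-other | setgid | unprivileged
classify_mode() {
    bits=$(( (0$1 >> 9) & 7 ))   # special bits: 4=setuid, 2=setgid, 1=sticky
    if [ $(( bits & 4 )) -ne 0 ]; then
        if [ "$2" -eq 0 ]; then echo setuid-root; else echo setuid-other; fi
    elif [ $(( bits & 2 )) -ne 0 ]; then
        echo setgid
    else
        echo unprivileged
    fi
}

# audit_binary PATH -> verdict for an installed binary (GNU stat assumed)
audit_binary() {
    info=$(stat -c '%a %u' -- "$1") || return 2
    classify_mode "${info% *}" "${info#* }"
}

# root_creds UID_LINE -> which of the four UIDs on the "Uid:" line of
# /proc/PID/status are 0, e.g. "Uid: 1000 0 0 0" -> "effective saved fs"
root_creds() {
    set -- $1                    # split on whitespace
    shift                        # drop the "Uid:" label
    out=
    for name in real effective saved fs; do
        if [ "$1" -eq 0 ]; then out="$out $name"; fi
        shift
    done
    echo "${out# }"
}

# Stand-alone use: sh audit.sh /path/to/screen [PID]
if [ -n "${1:-}" ]; then
    echo "$1: $(audit_binary "$1")"
fi
if [ -n "${2:-}" ]; then
    echo "pid $2 root creds: $(root_creds "$(grep '^Uid:' "/proc/$2/status")")"
fi
```

A `setuid-root` verdict on the binary, or any non-empty `root_creds` result for the session process, means a memory-safety bug in that process is a path to root, which is the risk the reply raises.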



