open and euid security flaw in 5.0-Current?

From: Killing (killingbarrysworld.com)
Date: Fri May 16 2003 - 21:46:15 CDT


On FreeBSD 5.0 the behaviour of screen when connecting to other
users' sessions has changed. Previously:
1. login as userA, start a screen as userA and disconnect
2. login as root, su - userA "screen -r"
3. result: failure, as userA can't access the ttyX, with such a message
Current:
1. login as userA, start a screen as userA and disconnect
2. login as root, su - userA "screen -r"
3. result: failure, as userA can't access the ttyX, but no message

After looking around in screen's code I found that after doing a
seteuid( userA ) an open on root's terminal is still succeeding.

Surely this is a problem as when running euid userA there should
be no access to ruid's files?

    Steve / K

_______________________________________________
freebsd-security@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"
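
A minimal check for the behaviour reported in the message above, added here as an example; it is not code from screen or from the poster. Run as root, it switches the effective UID, attempts the open, and reports whether the kernel refused it. The function name `open_as_euid` and the command-line form are assumptions of this example.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <unistd.h>

/*
 * Set the effective UID to `uid`, try to open `path` read/write, then
 * restore the original effective UID.
 * Returns 1 if open() succeeded, 0 if it was refused (*err holds errno),
 * -1 if seteuid() itself failed, e.g. because the caller is not root.
 */
int open_as_euid(const char *path, uid_t uid, int *err)
{
    uid_t saved = geteuid();
    int fd, result;

    *err = 0;
    if (seteuid(uid) != 0) {
        *err = errno;
        return -1;
    }
    /* O_NOCTTY: a tty path must not become our controlling terminal. */
    fd = open(path, O_RDWR | O_NOCTTY);
    if (fd >= 0) {
        close(fd);
        result = 1;
    } else {
        *err = errno;
        result = 0;
    }
    /* seteuid() leaves the real and saved UIDs alone, so this restores. */
    if (seteuid(saved) != 0)
        abort();
    return result;
}

/* Usage (as root): ./euidopen <path> <numeric-uid> */
int main(int argc, char **argv)
{
    int err, r;

    if (argc != 3)
        return 2;
    r = open_as_euid(argv[1], (uid_t)strtoul(argv[2], NULL, 10), &err);
    printf("euid %s open(%s): %s, errno %d\n", argv[2], argv[1],
           r == 1 ? "succeeded" : r == 0 ? "refused" : "seteuid failed", err);
    return r == 1 ? 0 : 1;
}
```

Pointed at a file or tty device that only root may open, with an unprivileged UID as the second argument, the expected result is "refused" with EACCES; "succeeded" reproduces what the message describes.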