From owner-freebsd-security Wed Apr 3 10:55:36 2002
Delivered-To: freebsd-security@freebsd.org
Received: from clink.schulte.org (clink.schulte.org [209.134.156.193])
    by hub.freebsd.org (Postfix) with ESMTP id E548C37B419
    for ; Wed, 3 Apr 2002 10:55:30 -0800 (PST)
Received: from schulte-laptop.nospam.schulte.org (nb-65.netbriefings.com [209.134.134.65])
    by clink.schulte.org (Postfix) with ESMTP id 117622442D;
    Wed, 3 Apr 2002 12:55:29 -0600 (CST)
Message-Id: <5.1.0.14.0.20020403124925.034d12b8@pop3s.schulte.org>
X-Mailer: QUALCOMM Windows Eudora Version 5.1
Date: Wed, 03 Apr 2002 12:53:59 -0600
To: "Jesper Wallin" ,
From: Christopher Schulte
Subject: Re: Is screen really secure?
In-Reply-To: <1320.213.112.58.75.1017858077.squirrel@phucking.kicks-ass.org>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

At 08:21 PM 4/3/2002 +0200, Jesper Wallin wrote:
>Hey..
>
>When I started with Linux/Unix security, the first thing I learned was "do
>not run a daemon as root as long as it doesn't really require it".. well, when I use
>irssi as my primary irc-client, which does not have any built-in detach function, I
>use screen instead. When I run a "ps -aux" it shows me screen is run by
>root!?
>
>Example:
>root 302 0.0 0.5 1800 1164 ?? Is Tue04PM 0:01.85 screen irssi
>
>and it's started as user "z3l3zt".. any ideas/suggestions about this?

IIRC, it's because screen is sometimes (usually?) setuid root so it can modify utmp data and register each virtual screen. If you don't like this behavior, just remove the setuid bit. Presto.

Screen has had problems in the past, so it might be prudent to chmod -s, in any case.

>Jesper aka Z3l3zT

--
Christopher Schulte
http://www.schulte.org/
Do not un-munge my @nospam.schulte.org email address. This address is valid.
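The check-and-remove step suggested in the reply above, as an added example that is not part of the original message: it reports whether a file carries the setuid or setgid bit, lists such files under a directory, and clears the bits. The function names are hypothetical and the demo runs on a constructed stand-in file in a temporary directory, not on the real screen binary.

```shell
#!/bin/sh
# Added example: audit and clear setuid/setgid bits (function names are hypothetical).

# Print which privilege bits FILE carries: setuid, setgid, setuid+setgid or none.
suid_state() {
    [ -f "$1" ] || { echo "missing"; return 1; }
    state=""
    [ -u "$1" ] && state="setuid"
    [ -g "$1" ] && state="${state:+$state+}setgid"
    echo "${state:-none}"
}

# List regular files under DIR that carry a setuid or setgid bit.
list_suid() {
    find "$1" -type f \( -perm -4000 -o -perm -2000 \) 2>/dev/null
}

# The "chmod -s" advice spelled out for both bits; prints the resulting state.
drop_suid() {
    chmod u-s,g-s "$1" && suid_state "$1"
}

# Constructed demo: an empty stand-in file marked setuid, then cleaned up.
demo() {
    d=$(mktemp -d) || return 1
    : > "$d/screen-standin"
    chmod 4755 "$d/screen-standin"
    echo "before: $(suid_state "$d/screen-standin")"
    echo "found:  $(list_suid "$d")"
    echo "after:  $(drop_suid "$d/screen-standin")"
    rm -rf "$d"
}
demo
```

To check an installed copy, pass the path that `command -v screen` reports to `suid_state`; clearing the bits on a root-owned binary requires root.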