Date: 25 Sep 2002 15:10:40 -0400
From: Bob Fleck <bob@securesoftware.com>
To: Matt Piechota <piechota@argolis.org>
Cc: Anthony Schneider <anthony@x-anthony.com>, freebsd-security@FreeBSD.ORG
Subject: Re: screen question/problem.
Message-ID: <1032981041.399.8.camel@mcp.securesoftware.com>
In-Reply-To: <20020925144631.E90374-100000@cithaeron.argolis.org>
References: <20020925144631.E90374-100000@cithaeron.argolis.org>
On Wed, 2002-09-25 at 14:53, Matt Piechota wrote:
> On 25 Sep 2002, Bob Fleck wrote:
>
> > You should _not_ make screen setuid root.  Anyone who uses screen
> > could then act as root, which would be bad.
> > Make the server program setuid root instead.
>
> Screen likes to be root so it can do things like update utmp (or wtmp,
> whichever).  Unless you find a bug, it won't let normal people become
> root, as it knows enough to drop into the calling user's permissions before
> running a shell.

Bah, you're right, wasn't thinking before I sent that.
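Added example, not part of the original message and not taken from screen's source: a C sketch of what "drop into the calling user's permissions before running a shell" involves for a set-uid-root program. The function name drop_privileges is hypothetical; the order of the calls and the check that root cannot be regained are the points a reviewer of such a program would look for.

```c
#define _DEFAULT_SOURCE            /* expose setgroups() on glibc */
#include <sys/types.h>
#include <grp.h>
#include <stdio.h>
#include <unistd.h>

/*
 * Permanently give up root in a set-uid-root program (hypothetical helper).
 * Returns 0 on success and -1 on any failure; the caller must treat -1 as
 * fatal and must not go on to start a shell.
 */
int drop_privileges(uid_t uid, gid_t gid)
{
    /* Supplementary groups first: only root may change them, and a
     * leftover privileged group would survive the uid change. */
    if (geteuid() == 0 && setgroups(1, &gid) != 0)
        return -1;

    /* Group before user: once the uid is dropped the gid can no longer
     * be changed. */
    if (setgid(gid) != 0)
        return -1;

    /* With euid 0, setuid() replaces the real, effective and saved uid,
     * so the drop cannot be undone. */
    if (setuid(uid) != 0)
        return -1;

    /* Verify instead of assuming: an unprivileged process must not be
     * able to get root back. */
    if (uid != 0 && (setuid(0) == 0 || seteuid(0) == 0))
        return -1;
    if (geteuid() != uid || getegid() != gid)
        return -1;
    return 0;
}

int main(void)
{
    /* Privileged work (for example the utmp update) would happen before
     * this point; everything after it runs as the calling user. */
    if (drop_privileges(getuid(), getgid()) != 0) {
        perror("drop_privileges");
        _exit(1);
    }
    printf("uid=%ld euid=%ld gid=%ld egid=%ld\n", (long)getuid(),
           (long)geteuid(), (long)getgid(), (long)getegid());
    return 0;
}
```

Ignoring the return value of any of these calls is the usual way such a program ends up handing out a root shell, which is the kind of bug the quoted reply alludes to.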