From: Bob Fleck
To: Matt Piechota
Cc: Anthony Schneider, freebsd-security@FreeBSD.ORG
Subject: Re: screen question/problem.
Date: 25 Sep 2002 15:10:40 -0400

On Wed, 2002-09-25 at 14:53, Matt Piechota wrote:
> On 25 Sep 2002, Bob Fleck wrote:
>
> > You should _not_ make screen setuid root.  Anyone who uses screen
> > could then act as root, which would be bad.
> > Make the server program setuid root instead.
>
> Screen likes to be root so it can do things like update utmp (or wtmp,
> whichever).  Unless you find a bug, it won't let normal people become
> root, as it knows enough to drop into the calling user's permissions before
> running a shell.

Bah, you're right, wasn't thinking before I sent that.
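
The kind of privilege drop described in the thread above (a setuid-root program returning to the calling user's permissions before it runs a shell), as an added example that is not part of the original messages and is not screen's own code. The function names are hypothetical, and the sketch assumes the binary is installed setuid root and invoked by an ordinary user.

```c
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Permanently give up setuid privilege and become the invoking user.
 * Returns 0 on success, -1 if any step fails; on failure the caller
 * must not go on to run anything on the user's behalf.
 * Assumption: the program is setuid root, so the supplementary groups
 * are already those of the invoking user and need no reset. */
int drop_to_invoking_user(void)
{
    uid_t ruid = getuid();   /* real uid: the user who ran the program */
    gid_t rgid = getgid();   /* real gid of that user */

    /* Group first: once the effective uid is no longer 0, a later
     * setgid() could no longer clear a privileged group id. */
    if (setgid(rgid) != 0)
        return -1;
    /* With effective uid 0, setuid() sets the real, effective and
     * saved uid together, so the drop cannot be undone. */
    if (setuid(ruid) != 0)
        return -1;

    /* Verify the result instead of trusting the return codes alone. */
    if (geteuid() != ruid || getegid() != rgid)
        return -1;
    /* An ordinary user must not be able to get root back. */
    if (ruid != 0 && setuid(0) == 0)
        return -1;
    return 0;
}

/* Hypothetical launcher: privileged work (for example the utmp update)
 * would happen before this point; the shell only starts after the drop. */
int run_user_shell(void)
{
    if (drop_to_invoking_user() != 0) {
        fprintf(stderr, "privilege drop failed, not starting a shell\n");
        return 1;
    }
    execl("/bin/sh", "sh", (char *)NULL);
    perror("execl");         /* only reached if exec itself failed */
    return 1;
}

int main(void) { return run_user_shell(); }
```

An unchecked setuid() return value, or a uid drop performed before the gid drop, is the sort of bug that would leave the shell running with more privilege than intended.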