From: Matt Piechota
To: Bob Fleck
Cc: Anthony Schneider
Date: Wed, 25 Sep 2002 14:53:48 -0400 (EDT)
Subject: Re: screen question/problem.
In-Reply-To: <1032978873.399.6.camel@mcp.securesoftware.com>
Message-ID: <20020925144631.E90374-100000@cithaeron.argolis.org>

On 25 Sep 2002, Bob Fleck wrote:

> You should _not_ make screen setuid root. Anyone who uses screen
> could then act as root, which would be bad.
> Make the server program setuid root instead.

Screen likes to be root so it can do things like update utmp (or wtmp, whichever). Unless you find a bug, it won't let normal people become root, as it knows enough to drop into the calling user's permissions before running a shell.
--
Matt Piechota
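The privilege drop described in the message above, as an added example that is not part of the original post and is not taken from screen's source: a setuid-root program permanently returning to the calling user's IDs before it runs a shell. The function name `drop_to_caller` is hypothetical; the code assumes a POSIX system and a binary installed setuid root.

```c
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <unistd.h>

/* Permanently give up setuid/setgid privileges and continue as the
 * calling (real) user. Returns 0 on success, -1 if the drop failed
 * or could be undone. Hypothetical helper, not code from screen. */
int drop_to_caller(void)
{
    uid_t ruid = getuid(), old_euid = geteuid();
    gid_t rgid = getgid(), old_egid = getegid();

    /* Group first: after the uid is dropped the process may no
     * longer be allowed to change its group IDs. */
    if (setgid(rgid) != 0)
        return -1;
    /* With effective uid 0, setuid() sets the real, effective and
     * saved uid together, so the change cannot be reversed. */
    if (setuid(ruid) != 0)
        return -1;

    /* Verify: regaining the old effective IDs must now fail. */
    if (old_euid != ruid && seteuid(old_euid) == 0)
        return -1;
    if (old_egid != rgid && setegid(old_egid) == 0)
        return -1;
    if (geteuid() != ruid || getegid() != rgid)
        return -1;
    return 0;
}

int main(void)
{
    /* Privileged work (such as the utmp update the message mentions)
     * would happen here, before the drop. */
    if (drop_to_caller() != 0) {
        perror("drop_to_caller");
        return EXIT_FAILURE;   /* never start the shell still privileged */
    }
    execl("/bin/sh", "sh", (char *)NULL);
    perror("execl");
    return EXIT_FAILURE;
}
```

The two return-value checks matter most: a setuid program that ignores a failed `setgid()` or `setuid()` goes on to run the shell with the privileges it meant to give up.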