Date: Sat, 17 May 2003 03:46:15 +0100
From: "Killing" <killing@barrysworld.com>
To: <freebsd-hackers@freebsd.org>, <freebsd-security@freebsd.org>
Subject: open and euid security flaw in 5.0-Current?
Message-ID: <001f01c31c1e$7e00e3d0$9f00a8c0@mshome.net>

On a FreeBSD 5.0 the behaviour of screen when connecting to other users'
sessions has changed.

Previously:
1. login as userA, start a screen as userA and disconnect
2. login as root, su - userA, "screen -r"
3. result: failure, as userA can't access the ttyX, with such a message

Current:
1. login as userA, start a screen as userA and disconnect
2. login as root, su - userA, "screen -r"
3. result: failure, as userA can't access the ttyX, but no message

After looking around in screen's code I found that after doing a
seteuid( userA ) an open on root's terminal is still succeeding.
Surely this is a problem, as when running euid userA there should be no
access to ruid's files?

Steve / K
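
A minimal regression probe for the behaviour reported above, added here as an example and not part of the original message or of screen's source. Run as root, it creates a mode-0600 file (a constructed stand-in for root's terminal device), switches the effective uid and reports whether open() is refused; the names probe_open_as and make_private_file, the /tmp path and the uid 65534 are assumptions of this example.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

enum { PROBE_SKIPPED = -1, PROBE_DENIED = 0, PROBE_OPENED = 1 };

/* Constructed stand-in for the invoking user's tty: a mode-0600 file owned
 * by the caller. tmpl is a mkstemp() template and is rewritten in place. */
int make_private_file(char *tmpl)
{
    int fd = mkstemp(tmpl);
    if (fd < 0) return -1;
    if (fchmod(fd, 0600) != 0) { close(fd); return -1; }
    return close(fd);
}

/* Switch euid to uid, try open(path), restore euid. *err gets the errno of
 * whichever call failed. PROBE_SKIPPED means seteuid() itself was refused. */
int probe_open_as(uid_t uid, const char *path, int *err)
{
    uid_t saved = geteuid();
    int fd, result = PROBE_OPENED;

    *err = 0;
    if (seteuid(uid) != 0) { *err = errno; return PROBE_SKIPPED; }
    fd = open(path, O_RDWR | O_NOCTTY);
    if (fd < 0) { *err = errno; result = PROBE_DENIED; }
    else close(fd);
    if (seteuid(saved) != 0) abort(); /* never continue with the wrong euid */
    return result;
}

int main(void)
{
    char path[] = "/tmp/euid_probe.XXXXXX";
    int err, r;

    if (geteuid() != 0 || make_private_file(path) != 0) return 2;
    r = probe_open_as(65534, path, &err); /* 65534: assumed unprivileged uid */
    unlink(path);
    printf("open as euid 65534: %s (errno %d)\n", r == PROBE_OPENED ?
           "SUCCEEDED" : r == PROBE_DENIED ? "denied" : "skipped", err);
    return r == PROBE_DENIED ? 0 : 1; /* 0 only when access was refused */
}
```

An exit status of 1 with "SUCCEEDED" printed means open() did not honour the effective uid for this file; status 2 means the probe was not run as root or could not create its test file.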