Bug 2394
Summary: | permissions for /tmp/screens | ||
---|---|---|---|
Product: | [Retired] Red Hat Linux | Reporter: | Leos Bitto <bitto> |
Component: | screen | Assignee: | David Lawrence <dkl> |
Status: | CLOSED CURRENTRELEASE | QA Contact: | |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | 6.0 | CC: | chris |
Hardware: | i386 | ||
OS: | Linux | ||
Doc Type: | Bug Fix | ||
Last Closed: | 1999-04-28 15:54:58 UTC | Type: | --- |
Description
Leos Bitto
1999-04-28 15:31:20 UTC
fixed in screen-3.7.6-7, available in rawhide later this week...

screen 3.7.6-9 still not 100% ok. If /tmp/screens does not exist and root runs screen, then /tmp/screens is created with mode 755! After exiting screen and rerunning it, it complains that it should be 777. When run by other users, then it complains too. If it doesn't exist when non-root runs screen, then it is created correctly with 777.

The correct solution, now that screen doesn't run SUID root (hurrah!), is to run screen in the mode where it stores its files in a per-user personal .screen directory. Much more secure than some /tmp frig. As it stands, the first user to run screen gets ownership of /tmp/screens, and hence can do a trivial DoS
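
The per-user directory approach suggested in the last comment, sketched as an added example; this is not code from screen or from this bug report. The function name `ensure_private_dir` and its return codes are hypothetical. It creates the directory with mode 0700 regardless of the caller's umask, then refuses to use it unless it is a real directory, owned by the caller, with no group or other access.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical return codes for this example (not screen's own). */
enum { DIR_OK = 0, DIR_ERR_SYS = -1, DIR_ERR_TYPE = -2,
       DIR_ERR_OWNER = -3, DIR_ERR_MODE = -4 };

/* Create `path` as a private directory for `uid` if missing, then verify it. */
int ensure_private_dir(const char *path, uid_t uid)
{
    struct stat st;

    if (mkdir(path, 0700) == 0) {
        /* mkdir() masks the requested mode with the umask; set it
           explicitly so the result does not depend on who runs first. */
        if (chmod(path, 0700) != 0)
            return DIR_ERR_SYS;
    } else if (errno != EEXIST) {
        return DIR_ERR_SYS;
    }

    /* lstat() so a symlink planted at `path` is rejected, not followed. */
    if (lstat(path, &st) != 0)
        return DIR_ERR_SYS;
    if (!S_ISDIR(st.st_mode))
        return DIR_ERR_TYPE;
    if (st.st_uid != uid)
        return DIR_ERR_OWNER;   /* another user created it first */
    if ((st.st_mode & 07777) != 0700)
        return DIR_ERR_MODE;    /* group/other access or special bits set */
    return DIR_OK;
}

int main(int argc, char **argv)
{
    if (argc != 2) {
        fprintf(stderr, "usage: %s <socket-dir>\n", argv[0]);
        return 2;
    }
    int rc = ensure_private_dir(argv[1], getuid());
    printf("%s: %s (%d)\n", argv[1], rc == DIR_OK ? "ok" : "rejected", rc);
    return rc == DIR_OK ? 0 : 1;
}
```

The ownership check is what addresses the denial of service described above: a directory created by a different user is rejected instead of trusted.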