-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Andreas Nitsche wrote: > Hello list! > > I'm new to this list and here's my first question. > > I'd like to know which security issues are important when I'm setting > screen setuid root. > I tried that on one maschine to use the multiuser feature of screen. > Screen is not running as root and the shells inside aren't, too.
SCREEN (all-caps) is, though, and SCREEN does all the work. It has to be root to spawn shells as other users. To be honest, screen is rife with sloppy buffer usage, and multiply re-implemented string-handling logic. I'll frankly be shocked if there aren't some buffer overflows in there somewhere, so the possibility of someone gaining full root access via screen is not zero. If you're concerned about that, then you should probably see if you can find a more secure means to accomplish what you need. :\ - -- Micah J. Cowan Programmer, musician, typesetting enthusiast, gamer. Maintainer of GNU Wget and GNU Teseq http://micah.cowan.name/ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkoqwrgACgkQ7M8hyUobTrEQeQCggdMeyUqm2NRfoxyUpqPh1wLS prwAnjBdQIfCd7PtaFx36f8D/xCZbvTT =UmcR -----END PGP SIGNATURE----- _______________________________________________ screen-users mailing list screen-users@gnu.org http://lists.gnu.org/mailman/listinfo/screen-users
