-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

oreng wrote:
> I am planning to do a 10 minute presentation about this topic.
> Please watch my screencast and give me any feedback/corrections you want.
> http://www.youtube.com/watch?v=IFClpADY7Tc
>
> Also I have the following questions:
> 1. What is the limit to the number of users connected to a screen session?
> 2. "multiplexes a physical terminal between several processes" - what does
> multiplex mean in the context of Screen?
> 3. sudo chmod u+s /usr/bin/screen - only if there is a flaw in screen's
> authentication might it be a security risk. Is this statement accurate?
> What exactly can happen?
Hi oreng,

I gave my understandings of 1 & 2 on IRC, so I'll just take number 3 here.

Aside from authentication flaws, which are fairly unlikely, chmod u+s on a screen binary that's owned by root (necessary for multiuser) means that the background SCREEN process runs as root. This process does pretty much all the work. In addition to this, screen's code doesn't use a consistent, single mechanism for handling buffer-limit checks, which it has to do often, and so (IMO) there is a fairly high likelihood that there are buffer overruns lurking. This means someone might conceivably be able to smash the stack and then get screen to do whatever they want, as root.

- --
Micah J. Cowan
Programmer, musician, typesetting enthusiast, gamer.
Maintainer of GNU Wget and GNU Teseq
http://micah.cowan.name/

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iEYEARECAAYFAkpJrOMACgkQ7M8hyUobTrFyOgCfSxAUcDahIx7gtitiDmkHFERE
ZYoAn3PK3aC290OCZIHeiOGvl9vyIoL+
=Mt4/
-----END PGP SIGNATURE-----

_______________________________________________
screen-users mailing list
screen-users@gnu.org
http://lists.gnu.org/mailman/listinfo/screen-users
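The risk Micah describes hinges on one configuration fact: whether the screen binary is setuid and owned by root, because that is what makes the background SCREEN process (and any memory-safety bug in it) run as root. The script below is an added example, not code from the thread or from the GNU Screen project; it checks a given binary for that setuid-root combination and can list every setuid executable under a directory for a given owner, so an administrator can see what the `chmod u+s` step actually exposes. It assumes only a POSIX `find`, `ls` and `awk`; the default path `/usr/bin/screen` is the one quoted in the question.

```sh
#!/bin/sh
# Added example (not part of the original mailing-list thread):
# audit setuid-root binaries, with GNU Screen's /usr/bin/screen as the
# default target. Assumes POSIX find(1), ls(1) and awk(1) only.

# Print every regular file under directory $1 that has the setuid bit set
# and is owned by $2 (defaults to root), one path per line.
# Example: list_setuid /usr/bin   -> all setuid-root binaries in /usr/bin
list_setuid() {
    dir=$1
    owner=${2:-root}
    find "$dir" -type f -perm -4000 -user "$owner" 2>/dev/null
}

# Return 0 if $1 is a regular file with the setuid bit set AND owned by
# root, which is the combination the thread discusses (the background
# SCREEN process then runs with root privileges). Return 1 if the file is
# missing, not setuid, or not root-owned.
is_setuid_root() {
    f=$1
    [ -f "$f" ] || return 1
    [ -u "$f" ] || return 1                 # setuid bit present?
    own=$(ls -ld "$f" | awk '{print $3}')   # third ls field is the owner
    [ "$own" = "root" ]
}

# Human-readable report for one binary; exit status mirrors is_setuid_root.
report() {
    f=${1:-/usr/bin/screen}
    if is_setuid_root "$f"; then
        echo "$f is setuid root: a buffer overrun in the SCREEN process would run as root"
        return 0
    fi
    echo "$f is not setuid root (or does not exist)"
    return 1
}

# Usage: sh setuid_check.sh [path]   (defaults to /usr/bin/screen)
report "$@" || :
```

Run it with no arguments on a host where multiuser mode was enabled via `chmod u+s /usr/bin/screen` and it reports the setuid-root state; `list_setuid /usr/bin` shows how many other root-owned setuid programs already sit beside it, which is the realistic baseline for judging the added exposure.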