open and euid security flaw in 5.0-Current?

• Previous message: Crist J. Clark: "Re: bridge and firewall"
• Next in thread: Robert Watson: "Re: open and euid security flaw in 5.0-Current?"
• Maybe reply: Killing: "Re: open and euid security flaw in 5.0-Current?"
• Reply: Robert Watson: "Re: open and euid security flaw in 5.0-Current?"
• Maybe reply: Killing: "Re: open and euid security flaw in 5.0-Current?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

To: <freebsd-hackers@freebsd.org>, <freebsd-security@freebsd.org>
Date: Sat, 17 May 2003 03:46:15 +0100

On a FreeBSD 5.0 the behaviour of screen when connecting to other
users sessions have changed. Previously:
1. login as userA start a screen as userA and disconnect
2. login as root su - userA "screen -r"
3. result failure as userA cant access the ttyX with such a message
Current:
1. login as userA start a screen as userA and disconnect
2. login as root su - userA "screen -r"
3. result failure as userA cant access the ttyX but no message

After looking around in screen's code I found that after doing a
seteuid( userA ) an open on root's terminal is still succeseding.

Surely this is a problem as when running euid userA there should
be no access to ruid's files?

    Steve / K

_______________________________________________
freebsd-security@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"

• Previous message: Crist J. Clark: "Re: bridge and firewall"
• Next in thread: Robert Watson: "Re: open and euid security flaw in 5.0-Current?"
• Maybe reply: Killing: "Re: open and euid security flaw in 5.0-Current?"
• Reply: Robert Watson: "Re: open and euid security flaw in 5.0-Current?"
• Maybe reply: Killing: "Re: open and euid security flaw in 5.0-Current?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]