GNU screen [PSARC/2008/413 FastTrack timeout 07/14/2008]
Nicolas Williams
Nicolas.Williams at sun.com
Tue Jul 1 11:48:15 PDT 2008
On Tue, Jul 01, 2008 at 01:26:14PM -0500, Nicolas Williams wrote:
> | - If screen sockets of multiple users are kept in one directory (e.g.
> | /tmp/screens), this directory must be world writable when screen is not
> | installed setuid-root. Any user can remove or abuse any socket then.
>
> On my system screen (from the Solaris CCD) keeps its sockets in
> /tmp/uscreens/S-$USER/.

FWIW, the screen delivered by the Solaris CCD:

- is not setuid/setgid
- does not use PAM
- it gets the load averages just fine, even though it's not setuid

Provided that you disable PAM support in screen and ship it not
setuid/setgid, then the only security issue relates to the path where
screen puts its sockets (see my previous post about that).

Nico