GNU screen [PSARC/2008/413 FastTrack timeout 07/14/2008]

Nicolas Williams Nicolas.Williams at sun.com
Wed Jul 2 09:35:15 PDT 2008


On Wed, Jul 02, 2008 at 10:59:03AM +0100, Brian Ruthven - Sun UK wrote:
> However, this seems like a very simple DoS attack to me. It's obvious 
> what the problem is (thankfully, the error messages are meaningful), but 
> still requires manual intervention to fix the problem. What steps could 
> be taken to prevent this? (if it is even worth preventing in the first 
> place)

We have this attack for lots of other things, sadly.

> I'll offer the following for consideration:
>    Could the socket dir be located under, e.g. /var/run instead?
>    I hesitantly also suggest a new tmpfs filesystem, something like 
> /var/screens.
>    The solution of Solaris creating the directory every bootup seems 
> like a bit of a hack to me, but I'll mention it anyway :-)

IMO the correct solution is for a PAM module (pam_unix_session) to
mktemp a user's TMPDIR the first time the user logs in since boot.  The
module should record this TMPDIR so that the user gets the same TMPDIR
on subsequent logins whenever possible (e.g., whenever the TMPDIR is
still owned by the user).   The module should set that environment
variable.

And then screen could use $TMPDIR/screens as the socket dir.

Nico
-- 
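The reuse rule proposed in the message above (hand back the same TMPDIR on later logins only while it is still owned by the user), sketched in C as an added example that is not part of the original message or of any Solaris PAM module. The names `session_tmpdir` and `tmpdir_usable` and the record-file scheme are hypothetical, and the symlink and mode checks are assumptions that go beyond the ownership test the message states.

```c
/* Added illustration; not Solaris or pam_unix_session source. */
#define _XOPEN_SOURCE 700   /* mkdtemp(), lstat() under strict -std= */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Reuse a recorded TMPDIR only if it is a real directory (not a symlink),
 * still owned by the user, and closed to group and other. */
static int tmpdir_usable(const char *path, uid_t uid)
{
    struct stat st;
    if (lstat(path, &st) != 0)
        return 0;
    return S_ISDIR(st.st_mode) && st.st_uid == uid &&
           (st.st_mode & (S_IRWXG | S_IRWXO)) == 0;
}

/* Hypothetical helper. `record` is assumed to live in a root-owned
 * directory that is emptied at boot; `base` is e.g. "/tmp".
 * Returns 0 with the session's TMPDIR in `out`, or -1 on error. */
int session_tmpdir(uid_t uid, const char *record, const char *base,
                   char *out, size_t outlen)
{
    FILE *f = fopen(record, "r");
    if (f != NULL) {
        char *got = fgets(out, (int)outlen, f);
        fclose(f);
        if (got != NULL) {
            out[strcspn(out, "\n")] = '\0';
            if (out[0] == '/' && tmpdir_usable(out, uid))
                return 0;   /* same TMPDIR as the previous login */
        }
    }
    /* First login since boot, or stale record: mkdtemp() creates a
     * fresh directory atomically with mode 0700. */
    int n = snprintf(out, outlen, "%s/tmp-%lu-XXXXXX", base, (unsigned long)uid);
    if (n < 0 || (size_t)n >= outlen || mkdtemp(out) == NULL)
        return -1;
    /* A module running as root would chown(out, uid, gid) here. */
    if ((f = fopen(record, "w")) == NULL)
        return -1;
    fprintf(f, "%s\n", out);
    return fclose(f) == 0 ? 0 : -1;
}
```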


