screen 3.5.2 security

screen 3.5.2 security

Post by Richard Huvenee » Sat, 23 Jul 1994 15:55:01



I posted this two weeks ago, but got no responses, so I try it again.

I heard that there has been a discussion about a security problem with
screen 3.5.2 three weeks in this group.

Since I missed it, can someone please repost the outcome of this discussion?

Thanks,

Richard.

 
 
 

screen 3.5.2 security

Post by matthew gre » Tue, 26 Jul 1994 22:01:30



>I posted this two weeks ago, but got no responses, so I try it again.

>I heard that there has been a discussion about a security problem with
>screen 3.5.2 three weeks in this group.

>Since I missed it, can someone please repost the outcome of this discussion?

to the best of my knowledge, there are no known security
problems with screen 3.5.2.

 
 
 

screen 3.5.2 security

Post by Alan Jaffr » Wed, 03 Aug 1994 11:41:01




>>I heard that there has been a discussion about a security problem with
>>screen 3.5.2 three weeks in this group.

>I'm not aware of any security problems with screen.

I didn't see any replies to this post, which discussed a security problem
with screen when installed non-suid.  If the poster is incorrect (or if
there's a non-suid way to fix it) I'd like to hear about it, since I
maintain a number of useful utilities on this (SunOS 4.1.3) system and
would like to include screen but have been reluctant to do so because
of this problem.  (I don't have root here, thank God. :) )

Alan

Newsgroups: comp.security.unix

Subject: Re: SCREEN program security issues


Date: Wed, 29 Jun 1994 18:30:24 GMT



)
)>2) If it is not installed suid root, and /etc/utmp is not world writable, then
)>   the user cannot really hide anything, but what happens is the tty they log
)>   into is the only one that shows up on 'w', but "screen" is what shows up
)>   in the 'what' field.  Each new screen they open up is hidden, because it
)>   cannot be added to the /etc/utmp file, but you will know that the person
)>   is running screen, and do a "ps aux | grep username" if you suspect them
)>   of something.
)
)       I think having screen setuid root is a big mistake.  It should at least
)be setuid <some system related group> and have utmp be in that group, writable
)by that group.  It tends to protect you when the cert comes out saying that
)root access can be gained through exploiting a hole in screen.  :-)

If screen (or any other program that is supposed to allocate tty's) is not
setuid, then the user's tty's remain at default permissions, allowing anyone
on the system to see what they're doing.  I'd rather have a potential
security hole than a sure one.

An alternative is to have a small setuid program that the screen user can
run that grabs his tty (a better alternative is to have a kernel hook but
that's less trivial).  
 -Tom