<a href="http://g.adspeed.net/ad.php?do=clk&zid=14678&wd=728&ht=90&pair=as" target="_top"><img style="border:0px;" src="http://g.adspeed.net/ad.php?do=img&zid=14678&wd=728&ht=90&pair=as" alt="i" width="728" height="90"/></a>

Nmap Security Scanner

Docs
Security Lists

Full Disclosure

More
Security Tools

Packet crafters

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

edgeos

Bugtraq: Re: GNU screen buffer overflow

Re: GNU screen buffer overflow

From: Pavel Kankovsky <peak_at_argo.troja.mff.cuni.cz>
Date: Wed, 3 Dec 2003 20:36:10 +0100 (MET)

On Mon, 1 Dec 2003, Kyle Sallee wrote:

> > With devpts and libutempter it is possible to install fully functional
> > screen without suid/sgid.
>
> Does that mean any program that links with libutempter gains
> complete suid/sgid root functionality, or only when executing
> the functions in the libutempter library, please?

This means you do not need setuid root because devpts sets up the slave
pty owner and group automatically and you do not need direct access to
utmp/wtmp, e.g. via setgid utmp, because libtempter functions call an
external setgid utmp helper called utempter to modify those files (the
calling process is required to hold a corresponding master pty).

--Pavel Kankovsky aka Peak [ Boycott Microsoft--http://www.vcnet.com/bms ]
"Resistance is futile. Open your source code and prepare for assimilation."
Received on Dec 03 2003

This message: [ Message body ]
Next message: SGI Security Coordinator: "Multiple OpenSSH/OpenSSL Vulnerabilities Update on IRIX"
Previous message: Magosányi Árpád: "Summary: where to discuss common criteria issues?"
In reply to: Kyle Sallee: "Re: GNU screen buffer overflow"
Next in thread: Casper Dik: "Re: GNU screen buffer overflow"
Reply: Casper Dik: "Re: GNU screen buffer overflow"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]

[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]