Date: Wed, 7 Jan 1998 02:25:10 -0800 (PST)
From: Taz <taz@webmaster.com>
To: fyodor@dhp.com
Subject: screen, etc
Hello,
This evening I was checking out your web site and noticed that you
didn't have the screen bug listed so let me give you a brief overview just
in case you havent heard of it.
If screen is installed setuid like its supposed to be, then any
normal user can execute 'screen -ln' and they become cloaked. They are
temporarily removed from wtmp/utmp. From here you can execute any command
you want without fear of being seen in w/finger/who, etc. When your done
doing your secret commands, exit screen and you reappear in utmp/wtmp.
This bug is still present in 3.7.4 which is the distributed
widely with the latest versions of FreeBSD so I would say its a problem.
[ cut ]
-taz
TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2024 AOH
