[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: problem using screen after running /bin/su
From: |
Joe Zbiciak |
Subject: |
RE: problem using screen after running /bin/su |
Date: |
Mon, 30 Aug 2004 04:47:18 -0700 (PDT) |
(oops, a resend that includes the list)
If you open the magic "/dev/tty", the kernel will give
you a file handle that points to the same pseudo-terminal
as /dev/pts/<#>.
Screen opens /dev/pts/<#>, not /dev/tty. Likely, other
programs are opening /dev/tty.
Perhaps screen should implement a fallback -- if it can't
open /dev/pts/<#>, try opening /dev/tty as a last resort?
It can still put /dev/pts/<#> in utmp if it's updating
utmp.
Regards,
--Joe
--- David Balazic <address@hidden> wrote:
> >From your explanation I don't see why all other programs
> work ( can read and
> write the tty ),
> while screen can't.
>
>
> > ----------
> > From:
> >
>
address@hidden:screen-users-bou
> > address@hidden on behalf of
> Juergen
> > Weigert[SMTP:address@hidden
> > Reply To: address@hidden
> > Sent: 27. avgust 2004 18:45
> > To: Felix E. Klee
> > Cc: address@hidden
> > Subject: Re: problem using screen after running
> /bin/su
> >
> > On Aug 27, 04 17:50:33 +0200, Felix E. Klee wrote:
> > > On Fri, 27 Aug 2004 08:39:48 -0700 (PDT) Edward
> Quillen wrote:
> > > > Cannot open your terminal '/dev/pts/4' - please
> check.
> > >
> > > I have the same problem under Linux. I found out that
> the device is
> > > owned by the user who started the terminal
> (emulator). Ordinary users
> > > cannot read/write from/to that device.
> >
> > And this is very good, the way it is. Otherwise, your
> 'ordinary user'
> > could
> > try to read from the device while you were typing your
> password.
> >
> > > The device seems to be central
> > > for IO; for example issuing
> > >
> > > echo "hello" > /dev/pts/4
> >
> > Writing to a foreign tty is only a mild annouyance.
> > But reading is a security risk.
> >
> > > should output "hello" in the terminal. It's a while
> ago that I searched
> > > the web. All I could find were people saying that the
> above problem is a
> > > bug in screen.
> >
> > What looks like a bug is actually a hand-crafted
> security feature.
> > Annoying sometimes, but protecting the innocent.
> >
> > >
> > > A workaround may involve setting the needed
> permissions before su'ing.
> >
> > Correct. Best is to chown the device. A group or world
> readable tty is an
> > invitation to hackers. Or simply have your 'su' shell
> within the screen
> > session, if that is possible.
> >
> > cheers,
> > Jw.
> >
> > --
> > o \ Juergen Weigert unix-software __/
> _=======.=======_
> > <V> | address@hidden creator __/
> _---|____________\/
> > \ | 0179/2069677 __/ (____/
> /\
> > (/) | ____________________________/ _/ \_
> vim:set sw=2 wm=8
> >
> >
> > _______________________________________________
> > screen-users mailing list
> > address@hidden
> > http://lists.gnu.org/mailman/listinfo/screen-users
> >
>
>
> _______________________________________________
> screen-users mailing list
> address@hidden
> http://lists.gnu.org/mailman/listinfo/screen-users
>
=====
We sell Spatulas, and that's all!
http://spatula-city.org/~im14u2c/
http://sdk1600.spatula-city.org/
http://intyos.spatula-city.org/