[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
screen possible security hole.
|
From: |
Asif Haswarey |
|
Subject: |
screen possible security hole. |
|
Date: |
Fri, 28 Feb 2003 19:52:18 -0800 |
Hi Mr. screen-developer!
First of all, I want to say:
Nice piece of work!
Secondly, there might be a possible security issue
with the multiuser session.
0) I start screen.
1) I enable multiuser.
2) I allow access for root [ie. acladd root]
3) I change root's execution permission:
aclchg root -x "#"kill,password
4) Now in another xterm I login as root and
connect to the screen session starting in
step 0 above.
5) Then in the root xterm, I do a "aclchg root +x"
6) Now in the root xterm I am able to do:
kill
which kills the screen session!!!
This is a big problem!
When I as user asifhh, start a screen session, and
disable every other user's execution permission for
a screen command like kill, the "every other user"
can simply acl change the execution permission for
him/herself and execute the kill command!!!
I would atleast expect that by default *only* the
starter/creator of the screen session has access
to the screen commands:
acladd
aclchg
acldel
By default on one else should be able to execute these.
Ok, now another problem I noticed is with the "read" permission
setting.
Suppose I asifhh started a session called ddd. And I have
2 windows for this session 0 and 1.
Now another user (ie. root) joins my session ddd.
Suppose that roots current window is 1. When I do a
aclchg root -r "1"
The root user can still "read" window "1". When root
switches to window "0" and then tries to swich back
to window "1", then root cannot get access.
I would expect that as soon as I disable "read" of any
particular window for a user, that user should not be
able to read that window immediately.
Ok one more potential problem I noticed.
The creator of the session should not be able to
do something like:
aclchg * -x
If the creator does "acldhg * -x", then the creator of
the session can no more execute screen commands!!!
I know, I know, a person using screen should know what
they are doing. :-)
But take the scenerio that involves disabling execution
permissions for 20 users. The creator of the session should
not have to type out the names of 20 different users
on the :aclchg commandline, dont you agree?
So I propose that "*" should not include the username
that created the session, but every other user.
Still a good piece of program though! :-)
--
Asif Haswarey (510)574-9049
Sun Microsystems, Inc. x39049
Network & Security Group address@hidden
| [Prev in Thread] |
Current Thread |
[Next in Thread] |
- screen possible security hole.,
Asif Haswarey <=