[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [screen-devel] screen review

From: Miroslav Lichvar
Subject: Re: [screen-devel] screen review
Date: Mon, 17 Jan 2011 14:42:22 +0100
User-agent: Mutt/1.5.21 (2010-09-15)

On Sat, Jan 15, 2011 at 10:15:22AM -0800, Sadrul Habib Chowdhury wrote:
> On Thu, Jan 13, 2011 at 8:59 AM, Miroslav Lichvar <address@hidden>wrote:
> > attached are some patches for issues found in a screen review, please
> > consider for inclusion.
> >
> Hi! Thanks for the patches. Perhaps you could briefly explain what each
> patch does (e.g. what bugs they fix etc.)?

I'm not sure if there are any real bugs fixed by the patches, I just
received a list of issues from people working on the Common Criteria
Certification. I think the patches do what is considered a good
practice in security.

patch 1: not checking return code from setgid/setuid can lead to
vulnerabilities, see CVE-2006-2607

patch 5: tty should be checked if it's not a hardlink and it starts with
/dev, in login.c from util-linux-ng there are comments:

/* In case login is suid it was possible to use a hardlink as stdin
   and exploit races for a local root exploit. (Wojciech Purczynski). */
/* More precisely, the problem is  ttyn := ttyname(0); ...; chown(ttyn);
   here ttyname() might return "/tmp/x", a hardlink to a pseudotty. */
/* All of this is a problem only when login is suid, which it isnt. */

patches 3, 4, 6 probably fix warnings from a static code analyzer.

Not sure about patch 2 (setting PAM_TTY item).


Miroslav Lichvar

reply via email to

[Prev in Thread] Current Thread [Next in Thread]