Re: [screen-devel] [bug #50142] root exploit 4.5.0
From: Jürgen Weigert
Subject: Re: [screen-devel] [bug #50142] root exploit 4.5.0
Date: Thu, 26 Jan 2017 18:18:16 +0100
Hey Alex, I can reproduce the following:
rm -f bla
touch bla
screen -L bla
-> file bla still owned by myself and filled in with log file contents.
rm -f bla
screen -L bla
-> file bla created with owner root and filled in with log file contents.
sudo rm -f bla
echo hello world | sudo dd of=bla
screen -L bla
-> file bla still owned by root but truncated to length 0.
Reverting the initial write check
http://git.savannah.gnu.org/cgit/screen.git/commit/?h=screen-v4&id=5460f5d28c01a9a58e021eb1dffef2965e629d58
should fix it. Please test. Please let me know as soon as I can test.
cheers, JW-
PS: when I first saw the code I wondered what the use case was and
immediately thought of an exploit. But with the initial test and
everything I was convinced it should be good. Damned...
On Tue, Jan 24, 2017 at 11:23 PM, Alex Naumov
<address@hidden> wrote:
> Hi Axel,
>
> I also can't reproduce it, but it depends on how you install
> GNU screen and which security mechanisms you use in your OS.
>
> There are 2 very nasty bugs and one of them is security related...
>
> As I said, I'm working on that and going to release 4.5.1 as a
> security/bugfix release next month.
>
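
The three cases reproduced above come down to which identity the logfile open runs under. The following is an added example, not GNU screen code and not the fix referenced in this thread: it assumes a set-uid root install, and the helper name open_log_as_real_user and the default path are hypothetical.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical helper, not GNU screen code. Assumes the caller is a
 * set-uid binary: real uid = invoking user, effective uid = root. */
int open_log_as_real_user(const char *path)
{
    uid_t saved_euid = geteuid();
    gid_t saved_egid = getegid();
    int fd;

    /* Drop the group first, while we still have the privilege to do so. */
    if (setegid(getgid()) != 0)
        return -1;
    if (seteuid(getuid()) != 0) {
        (void)setegid(saved_egid);
        return -1;
    }

    /* The kernel now checks the invoking user's permissions:
     *  - a missing file is created owned by that user, not root;
     *  - a file the user cannot write fails with EACCES;
     *  - O_APPEND without O_TRUNC never empties an existing file;
     *  - O_NOFOLLOW rejects a symlink as the final path component. */
    fd = open(path, O_WRONLY | O_CREAT | O_APPEND | O_NOFOLLOW | O_CLOEXEC, 0600);

    /* Regain the saved ids in reverse order; treat failure as fatal. */
    if (seteuid(saved_euid) != 0 || setegid(saved_egid) != 0) {
        if (fd >= 0)
            close(fd);
        return -1;
    }
    return fd;
}

int main(int argc, char **argv)
{
    int fd = open_log_as_real_user(argc > 1 ? argv[1] : "screenlog.0");
    if (fd < 0) {
        perror("open_log_as_real_user");
        return 1;
    }
    close(fd);
    return 0;
}
```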