[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Pair Programming Screencast (ssh, screen, vim and skype)

From: Micah Cowan
Subject: Re: Pair Programming Screencast (ssh, screen, vim and skype)
Date: Mon, 29 Jun 2009 23:12:51 -0700
User-agent: Thunderbird (X11/20090608)

Hash: SHA1

oreng wrote:
> I am planning to do a 10 minutes presentation about this topic.
> Please watch my screencast and provide me any feedback/corrections you want.
> Also I have the following questions:
> 1. What is the limit to the number of users connected to a screen session?
> 2. "multiplexes a physical terminal between several processes" - what does
> multiplexes means in the context of Screen.
> 3. sudo chmod u+s /usr/bin/screen - only if there is a flaw in screen's
> authentication, it might be a security risk.    Is this statement accurate? 
> what exactly can happened?

Hi oreng,

I gave my understandings of 1 & 2 on IRC, so I'll just take number 3 here.

Aside from authentication flaws, which are fairly unlikely, chmod u+s on
a screen binary that's owned by root (necessary for multiuser) means
that the background SCREEN process runs as root. This process does
pretty much all the work. In addition to this, screen's code doesn't use
a consistent, single mechanism for handling buffer-limit checks, which
it has to do often, and so (IMO) there is a fairly high likelihood that
there are buffer overruns lurking. This means someone might conceivably
be able to smash the stack and then get screen to do whatever they want,
as root.

- --
Micah J. Cowan
Programmer, musician, typesetting enthusiast, gamer.
Maintainer of GNU Wget and GNU Teseq
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Mozilla -


reply via email to

[Prev in Thread] Current Thread [Next in Thread]