Re: screen buffer overflow

On Tuesday 06 January 2004 20:22, Jason wrote:
> The 7.3 rpms work for me.. I don't have a 7.2 box available to test
> that one.
>
> The default in 7.3 is to not suid the screen binary, so I think we're
> safe from privilege escalation (unless the user does it of their own
> volition).  But, I am a bit concerned with the idea that someone
> could hijack my screen session.  So, is this a patch we want to push?
> If so, we should patch the RH8 rpms as well.  RH hasn't yet released
> a patch for 9, though it has a vulnerable version.

Since I use screen daily on a 7.3 box, this is a fairly important one to 
me.  I'd like to see it fixed for 8 as well.  Hopefully I'll have a 7.2 
box up to test tonight, although it may have to wait for a hard drive ):

Do you have a way of testing the overflow, or are we just testing 
functionality of screen once this patch is added?

-- 
Jesse Keating RHCE MCSE (geek.j2solutions.net)
Fedora Legacy Team      (www.fedora.us/wiki/FedoraLegacy)
Mondo DevTeam           (www.mondorescue.org)
GPG Public Key          (geek.j2solutions.net/jkeating.j2solutions.pub)
 
Was I helpful?  Let others know:
 http://svcs.affero.net/rm.php?r=jkeating
