On Mon, May 31, 2010 at 12:07:54PM -0700, Kees Cook wrote:
> IIRC, screen, when setuid, allows users to share screen sessions (following
> some system-defined ACLs) but it does it via the /tmp directory trees it
> creates. Per-user /tmp would break this (but yes, it's solvable using some
> kind of /var/lib/screen which maybe even already exists).

screen(1) does *not* put directories in /tmp these days, TYVM.

al@duke:~/linux/trees/vfs-next$ ls -l /var/run/screen/
total 1
drwx------ 2 al al 1024 May 20 21:50 S-al

That's lenny/x86_64; I can't be arsed to install ubuntu, but in case you
have a really ancient screen(1), pulling one from debian -stable would suffice.
IIRC, -oldstable would work as well, actually, but I could be wrong on that.

In any case, the suggested "improvement" breaks realistic use cases, AFAICS.
In particular,
	cd /tmp
	tar jxf foo-2.42.orig.tar.bz2
	<...>
	tar jxf foo-gtk-wank-wank-wank-2.69.orig.tar.bz2
	<...>
	ln -s foo-gtk-wank-wank-wank-2.69/docs/GNOME/design/ crap
	<...>
	lpr crap/taste-is-optional.ps
	lpr crap/why-options-are-wrong.ps
is going to break with that, isn't it?