(www.openwall.com)

414 points st_goliath | 3 comments | 13 May 25 11:28 UTC | HN request time: 0.831s | source

Show context

teddyh ◴[13 May 25 12:09 UTC] No.43972000[source]▶

Note: In Debian, GNU screen is not installed with setuid-root privileges.

1. jmclnx ◴[13 May 25 13:22 UTC] No.43972667[source]▶

Slackware 15:

lrwxrwxrwx 1 root root 12 Feb 11 2022 /usr/bin/screen -> screen-4.9.0

-rwxr-xr-x 1 root root 455016 Feb 1 2022 /usr/bin/screen-4.9.0

no suid

replies(1): >>43979544 #

2. jmclnx ◴[14 May 25 00:49 UTC] No.43979544[source]▶

FWIW, Slackware 15 was updated to screen to screen-4.9.1.

This update fixes security issues:

* attacher.c - prevent temporary 0666 mode on PTYs.

* avoid file existence test information leaks.

* socket.c - don't send signals with root privileges.

replies(1): >>43982312 #

3. lazide ◴[14 May 25 08:42 UTC] No.43982312[source]▶

Damn, Slackware. That’s a name I haven’t heard in a very long time.

Multiple security issues in GNU Screen