[Subject Prev][Subject Next][Thread Prev][Thread Next][Subject Index][Thread Index]

Re: [LIH] (fwd) SuSE Security Announcement: screen

Neither RH 6.1 (as per Suresh) nor 6.2 (as per my own computer) need
to be upgraded.  You need to upgrade ONLY IF screen is setuid root in
your distribution.


-- Raju

P.S. Even if it isn't (setuid root), you can of course still get an
exploit which will give you a shell with your own UID; I don't
consider this a security hole, but the schizophrenics amongst you may

>>>>> "Suresh" == Suresh Ramasubramanian <sureshr@xxxxxxx> writes:

    Suresh> [snip]

    Suresh> Hmmm... my screen is not installed with setuid (and this
    Suresh> is a redhat 6.1 pcq box upgraded in bits and patches to
    Suresh> pinstripe <rh 6.9.5 - that is, 7 beta)

    Suresh> [mallet@mjollnir] ~$ ls -l `which screen` -rwxr-xr-x 1
    Suresh> root root 236404 Aug 18 1999 /usr/bin/screen*

    Suresh> -suresh