Bug 2394 - permissions for /tmp/screens
Summary: permissions for /tmp/screens
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Red Hat Linux
Classification: Retired
Component: screen
Version: 6.0
Hardware: i386
OS: Linux
medium
medium
Target Milestone: ---
Assignee: David Lawrence
Reported: 1999-04-28 15:31 UTC by Leos Bitto
Modified: 2008-05-01 15:37 UTC

Doc Type: Bug Fix
Last Closed: 1999-04-28 15:54:58 UTC



Description Leos Bitto 1999-04-28 15:31:20 UTC
When I run screen as root, I get this message:

Directory '/tmp/screens' must have mode 755.

OK, chmod 755 /tmp/screens. Later I try to run screen as
regular user, and I get different message:

Directory '/tmp/screens' must have mode 777.

I can chmod 777 /tmp/screens, but hey, then I won't be able
to run screen as root...

Comment 1 Bill Nottingham 1999-04-28 15:54:59 UTC
fixed in screen-3.7.6-7, available in rawhide later this week...

Comment 2 David Balažic 1999-06-18 14:42:59 UTC
screen 3.7.6-9 still not 100% ok.
If /tmp/screens does not exist and root runs screen,
then /tmp/screens is created with mode 755!
After exiting screen and rerunning it, it complains that it
should be 777. When run by other users, then it complains too.
If it doesn't exist, when non-root runs screen, then it is created
correctly with 777.

Comment 3 Chris Evans 1999-06-18 16:05:59 UTC
The correct solution, now that screen doesn't run SUID root (hurrah!),
is to run screen in the mode where it stores its files in a per-user
personal .screen directory.

Much more secure than some /tmp frig.

As it stands, the first user to run screen gets ownership of
/tmp/screens, and hence can do a trivial DoS
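
A per-user socket directory of the kind Comment 3 recommends only helps if the program refuses a directory it does not own or that other users can access. The following is an added example, not part of this report or of screen's source, showing that check in Python; the function names, the 0700 policy and the sample paths are assumptions made for illustration.

```python
import os
import stat
import tempfile


def check_socket_dir(path, uid=None):
    """Return "ok", or the reason the directory must not be trusted."""
    uid = os.getuid() if uid is None else uid
    try:
        st = os.lstat(path)  # lstat: never follow a symlink left at the path
    except FileNotFoundError:
        return "missing"
    if not stat.S_ISDIR(st.st_mode):
        return "not-a-directory"  # symlink, regular file, socket, ...
    if st.st_uid != uid:
        return "wrong-owner"  # someone else created it first
    if stat.S_IMODE(st.st_mode) & 0o077:
        return "group-or-world-accessible"
    return "ok"


def ensure_socket_dir(path, uid=None):
    """Create the directory privately if absent, then validate it either way."""
    try:
        os.mkdir(path, 0o700)
    except FileExistsError:
        pass  # pre-existing entries are judged by the check, not trusted
    return check_socket_dir(path, uid)


def demo():
    """Run the check over constructed cases inside a throwaway directory."""
    results = {}
    with tempfile.TemporaryDirectory() as base:
        private = os.path.join(base, ".screen")  # hypothetical per-user dir
        results["fresh"] = ensure_socket_dir(private)
        os.chmod(private, 0o777)  # the mode the shared directory demanded
        results["mode777"] = check_socket_dir(private)
        os.chmod(private, 0o700)
        # Simulate a directory that belongs to a different account.
        results["other_owner"] = check_socket_dir(private, uid=os.getuid() + 1)
        link = os.path.join(base, "link")
        os.symlink(private, link)
        results["symlink"] = check_socket_dir(link)
    return results


if __name__ == "__main__":
    for case, verdict in demo().items():
        print(f"{case:12} {verdict}")
```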

