[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[screen-devel] Re: Insecure handling of /tmp/screen-exchange
From: |
Adam Lazur |
Subject: |
[screen-devel] Re: Insecure handling of /tmp/screen-exchange |
Date: |
Wed, 1 Apr 2009 14:28:24 -0700 |
User-agent: |
Mutt/1.5.18 (2008-05-17) |
Moritz Muehlenhoff (address@hidden) said:
> Hi,
> http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=521123 has been assigned
> CVE-2009-1215 and CVE-2009-1214.
>
> Can you tell us under what circumstances /tmp/screen-exchange is created,
> so that the risk/required action can be estimated?
writebuf and readbuf (bound to C-a < and C-a >)
It's used by some people to transfer buffers between different screen
processes.
In practice, I don't know of anyone who regularly uses this... but the
screen user community is large and ridiculously strange/diverse.
--
Adam Lazur
- [screen-devel] Re: Insecure handling of /tmp/screen-exchange,
Adam Lazur <=