[screen-devel] Re: Insecure handling of /tmp/screen-exchange

screen-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[screen-devel] Re: Insecure handling of /tmp/screen-exchange

From:	Adam Lazur
Subject:	[screen-devel] Re: Insecure handling of /tmp/screen-exchange
Date:	Wed, 1 Apr 2009 14:28:24 -0700
User-agent:	Mutt/1.5.18 (2008-05-17)

Moritz Muehlenhoff (address@hidden) said:
> Hi,
> http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=521123 has been assigned
> CVE-2009-1215 and CVE-2009-1214. 
> 
> Can you tell us under what circumstances /tmp/screen-exchange is created,
> so that the risk/required action can be estimated?

writebuf and readbuf (bound to C-a < and C-a >)

It's used by some people to transfer buffers between different screen
processes.

In practice, I don't know of anyone who regularly uses this... but the
screen user community is large and ridiculously strange/diverse.

-- 
Adam Lazur

[Prev in Thread]

Current Thread

[Next in Thread]

[screen-devel] Re: Insecure handling of /tmp/screen-exchange, Adam Lazur <=
- [screen-devel] Re: Insecure handling of /tmp/screen-exchange, Moritz Muehlenhoff, 2009/04/02
  - [screen-devel] Re: Insecure handling of /tmp/screen-exchange, Jan Christoph Nordholz, 2009/04/01

Prev by Date: [screen-devel] Re: Insecure handling of /tmp/screen-exchange
Next by Date: [screen-devel] Re: Insecure handling of /tmp/screen-exchange
Next by thread: [screen-devel] Re: Insecure handling of /tmp/screen-exchange
Index(es):
- Date
- Thread