screen-devel
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[screen-devel] [bug #59013] Incorrect logic for SOCKET_DIR (/run/screen)

From: anonymous
Subject: [screen-devel] [bug #59013] Incorrect logic for SOCKET_DIR (/run/screen) permissions
Date: Tue, 25 Aug 2020 22:22:42 -0400 (EDT)
User-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/13.1.2 Safari/605.1.15 
URL:
  <https://savannah.gnu.org/bugs/?59013>

                 Summary: Incorrect logic for SOCKET_DIR (/run/screen)
permissions
                 Project: GNU Screen
            Submitted by: None
            Submitted on: Wed 26 Aug 2020 02:22:40 AM UTC
                Category: Program Logic
                Severity: 3 - Normal
                Priority: 5 - Normal
                  Status: None
                 Privacy: Public
             Assigned to: None
             Open/Closed: Open
                 Release: 4.6.2
         Discussion Lock: Any
           Fixed Release: None
         Planned Release: None
           Work Required: None

    _______________________________________________________

Details:

screen.c (near lines 809 - 812)
Program is using the running user and their access as the master permissions
on the directory for all users.  Hence, screen constantly panics mandating
different permissions when multiple users (of differing privleges) attempt
execution.

Program should not be mandating permissions for access beyond current user's
scope.

Tested in Fedora 31 with packaged RPM.
SOCKET_DIR = /run/screen and is a common base directory for user sub-directory
holding sockets.

When /run/screen is not 755:
User owning directory receives panic demanding 755 permissions.
(This demonstrates the bug.)

When /run/screen is 777:
User with group access receives panic demanding 775 permissions.
(This demonstrates the bug.)

When /run/screen is 775:
User with world access receives panic demanding 777 permissions.






    _______________________________________________________

Reply to this item at:

  <https://savannah.gnu.org/bugs/?59013>

_______________________________________________
  Message sent via Savannah
  https://savannah.gnu.org/
reply via email to
[Prev in Thread] Current Thread [Next in Thread]