Date: Wed, 03 Apr 2002 12:53:59 -0600 From: Christopher Schulte <schulte+freebsd@nospam.schulte.org> To: "Jesper Wallin" <z3l3zt@phucking.kicks-ass.org>, <security@freebsd.org> Subject: Re: Is screen really secure? Message-ID: <5.1.0.14.0.20020403124925.034d12b8@pop3s.schulte.org> In-Reply-To: <1320.213.112.58.75.1017858077.squirrel@phucking.kicks-ass. org>
next in thread | previous in thread | raw e-mail | index | archive | help
At 08:21 PM 4/3/2002 +0200, Jesper Wallin wrote: >Hey.. > >When I started with Linux/Unix security, the first thing I learned was "do >not run a daemon as root as long isn't really require it".. well, when I use >irssi as my primary irc-client which not has any built-in detach function i >use screen instead. When a run a "ps -aux" it shows me screen is runned by >root!? > >Example: >root 302 0.0 0.5 1800 1164 ?? Is Tue04PM 0:01.85 screen irssi > >and it's started as user "z3l3zt".. any ideas/suggestions about this? IIRC, it's because screen is sometimes (usually?) setuid root so it can modify utmp data and register each virtual screen. If you don't like this behavior, just remove the setuid bit. Presto. Screen has had problems in the past, so it might be prudent to chmod -s, in any case. >Jesper aka Z3l3zT -- Christopher Schulte http://www.schulte.org/ Do not un-munge my @nospam.schulte.org email address. This address is valid. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?5.1.0.14.0.20020403124925.034d12b8>