Re: [screen-devel] ctrl-c Bug? :-)

[Juergen Weigert]

On Jun 24, 08 01:09:38 -0400, Eric Garrido wrote:
> I'm of the opinion that this isn't a valiant method of publicizing an
> "exploit", but care more about the end than the means.
> 
> This appears to be fixed in HEAD, or at least, I can't immediately
> reproduce it out of the tree. I'll bisect it tomorrow.
> 
> Eric
> 
> On Mon, Jun 23, 2008 at 11:12 AM, rembrandt <address@hidden> wrote:
> > As posted to the OpenBSD Mailinglist this is a problem is propably more
> > related to you directly.
> >
> > I made an update to the following Advisory after people in the CERTS (I
> > wont mention any here..) because a lot claimed it's a fake/myth.
> > 
> > http://marc.info/?l=openbsd-ports&m=121422445904683&w=2

This exploit exploits that the user neglected to set a screen
password and did not read the manual.

I appreciate any suggestions on how to improve user education here.

Patching the screen attacher process to ignore EINTR can only have an
effect if 
- screen uses screen_builtin_lck() and 
- is compiled without PAM support (not recommended).

The suggested patch is harmless, but indicates that tty initialization on
OpenBSD fails.

        cheers,
                Jw.

-- 
 o \  Juergen Weigert  paint it green! __/ _=======.=======_
<V> | address@hidden                    __/        _---|____________\/
 \  | 0911 74053-508         (tm)__/          (____/            /\
(/) | __________________________/             _/ \_ vim:set sw=2 wm=8
SUSE LINUX Products GmbH, GF: Markus Rex, HRB 16746 (AG Nuernberg)