screen-users
Re: Pair Programming Screencast (ssh, screen, vim and skype)


From: Micah Cowan
Subject: Re: Pair Programming Screencast (ssh, screen, vim and skype)
Date: Mon, 29 Jun 2009 23:12:51 -0700
User-agent: Thunderbird 2.0.0.22 (X11/20090608)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

oreng wrote:
> I am planning to do a 10-minute presentation about this topic.
> Please watch my screencast and provide me any feedback/corrections you want.
> http://www.youtube.com/watch?v=IFClpADY7Tc
> 
> Also I have the following questions:
> 1. What is the limit to the number of users connected to a screen session?
> 2. "multiplexes a physical terminal between several processes" - what does
> "multiplexes" mean in the context of Screen?
> 3. sudo chmod u+s /usr/bin/screen - only if there is a flaw in screen's
> authentication, it might be a security risk. Is this statement accurate?
> What exactly can happen?

Hi oreng,

I gave my understandings of 1 & 2 on IRC, so I'll just take number 3 here.

Aside from authentication flaws, which are fairly unlikely, chmod u+s on
a screen binary that's owned by root (necessary for multiuser) means
that the background SCREEN process runs as root. This process does
pretty much all the work. In addition to this, screen's code doesn't use
a consistent, single mechanism for handling buffer-limit checks, which
it has to do often, and so (IMO) there is a fairly high likelihood that
there are buffer overruns lurking. This means someone might conceivably
be able to smash the stack and then get screen to do whatever they want,
as root.

- --
Micah J. Cowan
Programmer, musician, typesetting enthusiast, gamer.
Maintainer of GNU Wget and GNU Teseq
http://micah.cowan.name/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iEYEARECAAYFAkpJrOMACgkQ7M8hyUobTrFyOgCfSxAUcDahIx7gtitiDmkHFERE
ZYoAn3PK3aC290OCZIHeiOGvl9vyIoL+
=Mt4/
-----END PGP SIGNATURE-----
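
Added example, not part of the original message and not screen's own code: a sketch in C of what "a consistent, single mechanism" for buffer-limit checks can look like, where every write goes through one checked helper. The names `bbuf`, `bbuf_init`, `bbuf_append` and `bbuf_demo` are hypothetical, and the inputs are constructed.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical bounded buffer: every write goes through bbuf_append(),
   so the limit check lives in exactly one place. */
struct bbuf {
    char  *data;  /* caller-provided storage */
    size_t cap;   /* total bytes available in data */
    size_t len;   /* bytes currently used, always < cap */
};

/* Initialise over caller storage; -1 if there is no room for a NUL. */
int bbuf_init(struct bbuf *b, char *storage, size_t cap)
{
    if (b == NULL || storage == NULL || cap == 0)
        return -1;
    b->data = storage;
    b->cap = cap;
    b->len = 0;
    b->data[0] = '\0';
    return 0;
}

/* Append n bytes from src. All-or-nothing: on overflow nothing is
   written and -1 is returned, so callers cannot truncate silently. */
int bbuf_append(struct bbuf *b, const char *src, size_t n)
{
    /* Compare against remaining space by subtraction; "len + n > cap"
       could wrap for a huge n and pass the check. One byte is kept
       back for the NUL terminator. */
    if (n > b->cap - b->len - 1)
        return -1;
    memcpy(b->data + b->len, src, n);
    b->len += n;
    b->data[b->len] = '\0';
    return 0;
}

/* Constructed demo: 0 if the short input fit and the long one was refused. */
int bbuf_demo(void)
{
    char field[8];
    struct bbuf b;
    if (bbuf_init(&b, field, sizeof field) != 0) return 1;
    if (bbuf_append(&b, "abc", 3) != 0) return 2;
    if (bbuf_append(&b, "defgh", 5) == 0) return 3;   /* 3+5+NUL > 8 */
    return (b.len == 3 && strcmp(field, "abc") == 0) ? 0 : 4;
}

int main(void) { return bbuf_demo(); }
```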



