On Jun 24, 08 01:09:38 -0400, Eric Garrido wrote:
> I'm of the opinion that this isn't a valiant method of publicizing an
> "exploit", but care more about the end than the means.
>
> This appears to be fixed in HEAD, or at least, I can't immediately
> reproduce it out of the tree. I'll bisect it tomorrow.
>
> Eric
>
> On Mon, Jun 23, 2008 at 11:12 AM, rembrandt <[EMAIL PROTECTED]> wrote:
> > As posted to the OpenBSD mailing list, this problem is probably more
> > related to you directly.
> >
> > I made an update to the following Advisory after people in the CERTS (I
> > won't mention any here..) because a lot claimed it's a fake/myth.
> >
> > http://marc.info/?l=openbsd-ports&m=121422445904683&w=2

This exploit exploits that the user neglected to set a screen
password and did not read the manual.
I appreciate any suggestions on how to improve user education here.

Patching the screen attacher process to ignore EINTR can only have an
effect if
- screen uses screen_builtin_lck() and
- is compiled without PAM support (not recommended).

The suggested patch is harmless, but indicates that tty initialization on
OpenBSD fails.

cheers,
Jw.
--
o \ Juergen Weigert paint it green! __/ _=======.=======_
<V> | [EMAIL PROTECTED] __/ _---|____________\/
\ | 0911 74053-508 (tm)__/ (____/ /\
(/) | __________________________/ _/ \_ vim:set sw=2 wm=8
SUSE LINUX Products GmbH, GF: Markus Rex, HRB 16746 (AG Nuernberg)