On Sat, Jan 15, 2011 at 10:15:22AM -0800, Sadrul Habib Chowdhury wrote:
> On Thu, Jan 13, 2011 at 8:59 AM, Miroslav Lichvar <mlich...@redhat.com> wrote:
> > attached are some patches for issues found in a screen review, please
> > consider for inclusion.
>
> Hi! Thanks for the patches. Perhaps you could briefly explain what each
> patch does (e.g. what bugs they fix etc.)?
I'm not sure if there are any real bugs fixed by the patches, I just
received a list of issues from people working on the Common Criteria
Certification. I think the patches do what is considered a good practice
in security.

patch 1: not checking return code from setgid/setuid can lead to
vulnerabilities, see CVE-2006-2607

patch 5: tty should be checked if it's not a hardlink and it starts with
/dev, in login.c from util-linux-ng there are comments:

    /* In case login is suid it was possible to use a hardlink as stdin
       and exploit races for a local root exploit. (Wojciech Purczynski). */
    /* More precisely, the problem is
       ttyn := ttyname(0); ...; chown(ttyn);
       here ttyname() might return "/tmp/x", a hardlink to a pseudotty. */
    /* All of this is a problem only when login is suid, which it isn't. */

patches 3, 4, 6 probably fix warnings from a static code analyzer.

Not sure about patch 2 (setting PAM_TTY item).

Thanks,

-- 
Miroslav Lichvar
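The two practices described in the message above (treating a failed setgid()/setuid() as fatal, and validating a tty path before it is chown()ed), as an added C example that is not part of screen, util-linux or the patches under discussion. The function names drop_privileges, check_tty_path and check_tty_fd are assumptions of this example, as is a Linux/glibc environment; the hard-link and /dev checks generalise the login.c comment slightly by also rejecting "." and ".." components and by comparing the path's inode with the open descriptor's.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <grp.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Drop to uid/gid, checking every return value. CVE-2006-2607 was vixie cron
 * carrying on as root after setuid() failed (RLIMIT_NPROC), so a failed call
 * is treated as fatal instead of being ignored. Returns 0 on success, -1 on
 * error with errno set. */
int drop_privileges(uid_t uid, gid_t gid)
{
    /* Order matters: supplementary groups and the gid can only be changed
     * while we are still root, so they are dropped before the uid. */
    if (geteuid() == 0 && setgroups(0, NULL) != 0)
        return -1;
    if (setgid(gid) != 0)
        return -1;
    if (setuid(uid) != 0)
        return -1;
    /* Verify the drop really happened: if we no longer want root,
     * regaining it must fail, and all four ids must match. */
    if (uid != 0 && setuid(0) == 0) {
        errno = EPERM;
        return -1;
    }
    if (getuid() != uid || geteuid() != uid ||
        getgid() != gid || getegid() != gid) {
        errno = EPERM;
        return -1;
    }
    return 0;
}

/* Reject "." and ".." components so "/dev/../tmp/x" cannot escape /dev. */
static int has_dot_component(const char *p)
{
    const char *s = p;
    while (*s) {
        const char *e = strchr(s, '/');
        size_t n = e ? (size_t)(e - s) : strlen(s);
        if ((n == 1 && s[0] == '.') || (n == 2 && s[0] == '.' && s[1] == '.'))
            return 1;
        s = e ? e + 1 : s + n;
    }
    return 0;
}

/* A tty path may be chown()ed/chmod()ed only if it lives under /dev, is
 * itself a character device (lstat: not a symlink to one) and has exactly
 * one hard link, which defeats the "/tmp/x" alias from the login.c comment.
 * Returns 0 if acceptable, -1 otherwise. */
int check_tty_path(const char *tty)
{
    struct stat st;

    if (tty == NULL || strncmp(tty, "/dev/", 5) != 0 || has_dot_component(tty))
        return -1;
    if (lstat(tty, &st) != 0)
        return -1;
    if (!S_ISCHR(st.st_mode) || st.st_nlink != 1)
        return -1;
    return 0;
}

/* Resolve fd to a name the way login(1) does (ttyname), apply the path
 * checks, then confirm the name still refers to the device fd is open on,
 * closing the window between ttyname() and a later chown(path). */
int check_tty_fd(int fd)
{
    struct stat fst, pst;
    const char *name = ttyname(fd);

    if (name == NULL || check_tty_path(name) != 0)
        return -1;
    if (fstat(fd, &fst) != 0 || lstat(name, &pst) != 0)
        return -1;
    if (fst.st_dev != pst.st_dev || fst.st_ino != pst.st_ino)
        return -1;
    return 0;
}

int main(void)
{
    const char *name = ttyname(0);

    printf("stdin tty: %s -> %s\n", name ? name : "(none)",
           check_tty_fd(0) == 0 ? "ok" : "rejected");

    /* Dropping to our own ids is a no-op but exercises every check. */
    if (drop_privileges(getuid(), getgid()) != 0) {
        fprintf(stderr, "drop_privileges: %s\n", strerror(errno));
        return 1;
    }
    printf("running as uid %u gid %u\n", (unsigned)getuid(), (unsigned)getgid());
    return 0;
}
```

Run as an ordinary user, check_tty_fd(0) reports "ok" on an interactive terminal (a /dev/pts/N character device with one link) and "rejected" when stdin is a pipe or file; drop_privileges(0, 0) fails at setgid() with EPERM, which is exactly the return value the original setuid bug class ignored.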