I wrote:
> Also please discuss the fact that screen is a setuid binary by default.

One more thing. It installs /usr/bin/screen -> screen-[version] symlink, and the setuid binary is really /usr/bin/screen-[version]. Now let's suppose that a root hole is found in screen, a new version of screen is released, and a user updates his screen by following BLFS instructions. See the bug? The old buggy setuid binary /usr/bin/screen-[oldversion] is still there, ready for exploitation. The book should deal with this somehow, e.g., by disabling this stupid symlink.

-- 
Alexander E. Patrakov
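A check for the leftover described in the message above, as an added example that is not part of the original post or of the BLFS book: it lists setuid screen-[version] files that the screen symlink no longer points to. The function name find_stale_setuid_screen is hypothetical, and a find that supports -maxdepth (GNU or BSD) is assumed.

```shell
#!/bin/sh
# Added example: report setuid screen-<version> binaries left behind by an
# upgrade, i.e. ones that are not the current target of the "screen" symlink.
# Usage: find_stale_setuid_screen [bindir]   (bindir defaults to /usr/bin)

find_stale_setuid_screen() {
    bindir=${1:-/usr/bin}
    link="$bindir/screen"
    current=""

    # Basename of the file the symlink currently points to, if it is a symlink.
    if [ -L "$link" ]; then
        current=$(basename "$(readlink "$link")")
    fi

    # -type f skips the symlink itself; -perm -4000 keeps only files with the
    # setuid bit set; -maxdepth 1 restricts the search to bindir.
    find "$bindir" -maxdepth 1 -type f -name 'screen-*' -perm -4000 |
    while IFS= read -r f; do
        if [ "$(basename "$f")" != "$current" ]; then
            printf '%s\n' "$f"
        fi
    done | sort
}

# When run as a script, check the directory given as the first argument.
find_stale_setuid_screen "$@"
```

Each path printed is an old setuid copy that can be deleted or have its setuid bit cleared with chmod u-s once the new version is installed.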
