In the screenrc we have the option to tell it where to handle the read/write buffers when you press ctrl+a+> or ctrl+a+<. When the option is left uncommented in the screenrc, the default behavior appears to outright just use /tmp/screen-exchange. As root I'm able to create the /tmp/ file and then have a user blindly source this file in.

screen is pretty smart with write mode in the sense that if you attempt to symlink the file via echo owned > owned; ln -s owned screen-exchange ; screen ctrl+a+> it won't write to the symlink. No idea how it behaves on hardlinks (my kernel does not permit it so I can't test it).

Anyway, I'd like to suggest that we make use of the following in screenrc before this ever has a chance to turn into something nasty later on.

# bufferfile: The file to use for commands # "readbuf" ('<') and "writebuf" ('>'): -# bufferfile $HOME/.screen_exchange +bufferfile $HOME/.screen_exchange
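Review bot: the hunk only uncomments the per-user path; the comment lines above it still say what the options do, not why the default is moved out of the shared /tmp location, so a short note there (the world-writable /tmp path lets another user pre-create the exchange file) would document the intent. A second point, traceable to the later reply that link checks apply only when the bufferfile is the compiled-in default: enabling this line disables screen's link check for the configured path, so the change should be paired with link checking on whatever path is in use rather than shipped on its own.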
Well, actually root is able to create the file in your HOME too, so that won't protect us from the problem. The benefit lies in multi-user environments where multiple users use the bufferfile at the same time. With the changed default they can use the file independently of each other, and no other user can easily slip some bad contents into the default bufferfile of another user. Just checked the hardlinks and symlinks thing: screen doesn't check for links when writing to the file. Neither symlinks nor hardlinks are checked. I changed the default configuration file.
Sorry, it checks for both hard and symlinks, but only if the current bufferfile is the compiled in default.
Just a note: there appears to be a TOCTOU between link checking and opening. Not an issue now that the default configuration has been updated.
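The TOCTOU noted above (checking for links and then opening the path as two separate steps) is closed by letting the open itself refuse symlinks and by inspecting the descriptor that was actually opened instead of the path. The following is an added example written for this thread, not code from screen; it assumes a POSIX/Linux system with O_NOFOLLOW, and the function name open_bufferfile_safely and the scratch-directory demo are constructed here.

```c
/* Added example (not screen's code): open the exchange file so that the
 * link check and the open cannot be raced. Assumes POSIX/Linux. */
#define _GNU_SOURCE
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Open `path` for writing without following a trailing symlink, then verify
 * the descriptor we actually got: a regular file, with exactly one link,
 * owned by the calling user. Truncation happens only after the checks pass.
 * Returns the fd, or -1 when the open fails or any check fails. */
int open_bufferfile_safely(const char *path)
{
    /* O_NOFOLLOW makes the symlink refusal part of the open itself (ELOOP),
     * so there is no window between "check" and "open" for a symlink. */
    int fd = open(path, O_WRONLY | O_CREAT | O_NOFOLLOW | O_CLOEXEC, 0600);
    if (fd < 0)
        return -1;

    /* fstat on the open descriptor describes the object we hold, not
     * whatever the path name points at now, so this check cannot be raced. */
    struct stat st;
    if (fstat(fd, &st) != 0 ||
        !S_ISREG(st.st_mode) ||     /* no FIFOs, devices, directories */
        st.st_nlink != 1 ||         /* refuse hard-linked files */
        st.st_uid != geteuid()) {   /* refuse a file planted by someone else */
        close(fd);
        return -1;
    }
    if (ftruncate(fd, 0) != 0) {
        close(fd);
        return -1;
    }
    return fd;
}

/* Self-contained check in a constructed scratch directory: a fresh regular
 * file is accepted, a symlink to it is refused, and (where the filesystem
 * allows us to create one) a hard link to it is refused. Returns 1 on pass. */
int demo_link_checks(void)
{
    char dir[] = "/tmp/bufdemoXXXXXX";   /* constructed scratch location */
    if (!mkdtemp(dir))
        return 0;
    char target[256], symlnk[256], hardlnk[256];
    snprintf(target, sizeof target, "%s/victim", dir);
    snprintf(symlnk, sizeof symlnk, "%s/sym", dir);
    snprintf(hardlnk, sizeof hardlnk, "%s/hard", dir);

    int ok = 1;
    int fd = open_bufferfile_safely(target);     /* fresh regular file: accepted */
    ok &= (fd >= 0);
    if (fd >= 0)
        close(fd);

    ok &= (symlink(target, symlnk) == 0);
    ok &= (open_bufferfile_safely(symlnk) == -1); /* symlink: refused by O_NOFOLLOW */

    if (link(target, hardlnk) == 0) {
        ok &= (open_bufferfile_safely(hardlnk) == -1); /* st_nlink == 2: refused */
        ok &= (open_bufferfile_safely(target) == -1);  /* the original now has 2 links too */
        unlink(hardlnk);
    }
    unlink(symlnk);
    unlink(target);
    rmdir(dir);
    return ok;
}
```

The ordering is the whole point: the symlink decision is taken by the kernel inside open(), and the hard-link and ownership decisions are taken on the descriptor already held, so an attacker changing the directory entry between the two calls gains nothing.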