Summary: | screen uses /tmp/screen-exchange by default. | ||
---|---|---|---|
Product: | Gentoo Linux | Reporter: | solar (RETIRED) <solar> |
Component: | Current packages | Assignee: | Gentoo Shell Tools project <shell-tools> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | swegener |
Priority: | High | ||
Version: | 2005.0 | ||
Hardware: | All | ||
OS: | All | ||
Whiteboard: | |||
Package list: | Runtime testing required: | --- |
Description
solar (RETIRED)
2005-06-06 15:38:13 UTC
Well, actually root is able to create the file in your HOME too, so that won't protect us from the problem. The benefits lies in multi-user environments where multiple users use the bufferfile at the same time. With the changed default they can use the file independent from each other. And no other user can easily slip some bad contents in the default bufferfile of another user. Just checked the hardlinks and symlinks thing, screen doesn't check for links when writing to the file. Neither symlinks nor hardlinks are checked. I changed the default configuration file. Sorry, it checks for both hard and symlinks, but only if the current bufferfile is the compiled in default. just a note, there appears to be a TOCTOU between link checking and opening. Not an issue now the default configuration has been updated. |