[Full-disclosure] screen 4.0.3 local Authentication Bypass - Working on multiple systems
Nico Golde
fd at ngolde.de
Wed Jun 6 18:11:26 BST 2007
Hi,
* Sûnnet Beskerming <info at beskerming.com> [2007-06-06 15:19]:
[...]
> ~user(screen) $ echo Once the process is killed, I should not reappear.
> Once the process is killed, I should not reappear.
> ~user(screen) $ ^a+x
> Key: [1234]
> Again: [1234]
> Screen used by User <user>.
> Password:
>
> At this stage we now need to kill the right process. On OS X, screen
> ignores the SIGINT sent by ^c, so we need to send it a SIGKILL.
> Using your favourite process killer, kill the outer screen pid
> (5171). If you vary the process, such as:
[...]
What is the point of locking screen with a password if you
have an open shell on the host??? In this case you can just
close the window an reattach the screen session.
Kind regards
Nico
--
Nico Golde - JAB: nion at jabber.ccc.de | GPG: 0x73647CFF
Forget about that mouse with 3/4/5 buttons -
gimme a keyboard with 103/104/105 keys!
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20070606/dee816f7/attachment.bin
Full-Disclosure is hosted and sponsored by Secunia.