lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Wed, 6 Jun 2007 19:11:26 +0200
From: Nico Golde <fd@...lde.de>
To: full-disclosure@...ts.grok.org.uk
Subject: Re: screen 4.0.3 local Authentication Bypass -
	Working on multiple systems

Hi,
* Sûnnet Beskerming <info@...kerming.com> [2007-06-06 15:19]:
[...] 
> ~user(screen) $ echo Once the process is killed, I should not reappear.
> Once the process is killed, I should not reappear.
> ~user(screen) $ ^a+x
> Key: [1234]
> Again: [1234]
> Screen used by User <user>.
> Password:
> 
> At this stage we now need to kill the right process.  On OS X, screen  
> ignores the SIGINT sent by ^c, so we need to send it a SIGKILL.   
> Using your favourite process killer, kill the outer screen pid  
> (5171).  If you vary the process, such as:
[...]
What is the point of locking screen with a password if you 
have an open shell on the host??? In this case you can just 
close the window an reattach the screen session.
Kind regards
Nico
-- 
Nico Golde - JAB: nion@...ber.ccc.de | GPG: 0x73647CFF
Forget about that mouse with 3/4/5 buttons -
gimme a keyboard with 103/104/105 keys!

Content of type "application/pgp-signature" skipped

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ