From 9ec5d839c220379ac064559b924720b60717fc89 Mon Sep 17 00:00:00 2001
From: kris <kris@FreeBSD.org>
Date: Tue, 4 Sep 2001 19:20:42 +0000
Subject: Patch against a bug which is a local root vulnerability on other
 platforms, but which I could not repeat on FreeBSD.  It may still be a
 problem, but it looks like screen was already dropping privilege before the
 operation in question.

Submitted by:	Roman Drahtmueller <draht@suse.de>
---
 misc/screen/Makefile         |  1 +
 misc/screen/files/patch-sec1 | 13 +++++++++++++
 2 files changed, 14 insertions(+)
 create mode 100644 misc/screen/files/patch-sec1

(limited to 'misc')

diff --git a/misc/screen/Makefile b/misc/screen/Makefile
index d43cfb1..003286f 100644
--- a/misc/screen/Makefile
+++ b/misc/screen/Makefile
@@ -7,6 +7,7 @@
 
 PORTNAME=	screen
 PORTVERSION=    3.9.9
+PORTREVISION=	1
 CATEGORIES=	misc
 MASTER_SITES=	ftp://ftp.uni-erlangen.de/pub/utilities/screen/ \
 		${MASTER_SITE_GNU}
diff --git a/misc/screen/files/patch-sec1 b/misc/screen/files/patch-sec1
new file mode 100644
index 0000000..abeeb0c
--- /dev/null
+++ b/misc/screen/files/patch-sec1
@@ -0,0 +1,13 @@
+--- screen.c.orig	Fri May 25 16:40:10 2001
++++ screen.c	Mon Sep  3 15:48:24 2001
+@@ -1061,6 +1061,10 @@
+ 	  Attacher();
+ 	  /* NOTREACHED */
+ 	}
++#ifdef MULTIUSER
++      if (multiattach)
++	Panic(0, "Can't create sessions of other users.");
++#endif 
+       debug("screen -r: backend not responding -- still crying\n");
+     }
+   else if (dflag && !mflag)
-- 
cgit v1.1