Wind River Support Network

Fixed

LIN9-5860 : screen - fix-CVE-2017-5618.patch introduces bug

Created: Nov 30, 2017    Updated: Dec 3, 2018
Resolved Date: Dec 21, 2017
Found In Version: unknown
Fix Version: 9.0.0.14
Severity: Standard
Applicable for: Wind River Linux 9
Component/s: Userspace

Description

The fix for CVE-2017-5618 in the screen package (fix-CVE-2017-5618.patch) introduces a bug: screen tries to write its logs to the current working directory (CWD) instead of the location specified in the configuration file.

Steps to Reproduce

$ wrlinux-8/wrlinux/configure --enable-rootfs=glibc_small --enable-board=intel-x86-64 --with-package=screen --enable-reconfig --enable-parallel-pkgbuilds=16 --enable-jobs=16 --with-init=sysvinit --with-rcpl-version=0023
$ make
Flash the target with the resulting rfs and kernel.
On target:
$ adduser test
$ su test
$ mkdir ~/screen
$ echo -e "logfile /home/test/screen/log\nlogfile flush 1\nreflog on" >/home/test/screen/screenrc
$ cd / #dir where test user has no write permission
$ screen -c /test/screen/screenrc -L
Expected behaviour:
New screen session
Observed behaviour:
-L: logfile name access problem
