[arch-general] Is screen safe when it has setsuid?
Joey Pabalinas
alyptik at protonmail.com
Mon Apr 17 06:02:54 UTC 2017
> Hello,
>
> > I saw that the permission of screen is -rwsr-xr-x, which means when screen
> is run, it's run as root at the beginning. I don't know if it can be a
> security issue.
>
> I also checked the screen program in Debian. It uses setguid as a non-root
> group.
> -rwxr-sr-x 1 root utmp ... /usr/bin/screen
>
> Iru
No, this is fairly safe and screen has been default etuid for a long
time. This is required by a portion of the -r option; from the manpage:
"-r [pid.tty.host] -r sessionowner/[pid.tty.host] resumes a detached screen
session. No other options (except combinations with -d/-D) may be specified,
though an optional prefix of [pid.]tty.host may be needed to distinguish
between multiple detached screen sessions. The second form is used to
connect to another user's screen session which runs in multiuser mode.
This indicates that screen * should look for sessions in another user's
directory. This requires setuid-root."
The utmp group is if screen is compiled with utmp support; this is due
to screen having an option to creates entries in the system UTMP
database file.
-Joey Pabalinas <alyptik at protonmail.com>
More information about the arch-general
mailing list