Discussion:
Is screen safe when it has setsuid?
(too old to reply)
Iru Cai via arch-general
2017-04-16 04:40:58 UTC
Permalink
Raw Message
Hello,

I saw that the permission of screen is -rwsr-xr-x, which means when screen
is run, it's run as root at the beginning. I don't know if it can be a
security issue.

I also checked the screen program in Debian. It uses setguid as a non-root
group.
-rwxr-sr-x 1 root utmp ... /usr/bin/screen

Iru
--
Please do not send me Microsoft Office/Apple iWork documents. Send
OpenDocument instead! http://fsf.org/campaigns/opendocument/
Joey Pabalinas via arch-general
2017-04-17 06:02:54 UTC
Permalink
Raw Message
Post by Iru Cai via arch-general
Hello,
Post by Iru Cai via arch-general
I saw that the permission of screen is -rwsr-xr-x, which means when screen
is run, it's run as root at the beginning. I don't know if it can be a
security issue.
I also checked the screen program in Debian. It uses setguid as a non-root
group.
-rwxr-sr-x 1 root utmp ... /usr/bin/screen
Iru
No, this is fairly safe and screen has been default etuid for a long
time. This is required by a portion of the -r option; from the manpage:

"-r [pid.tty.host] -r sessionowner/[pid.tty.host] resumes a detached screen
session. No other options (except combinations with -d/-D) may be specified,
though an optional prefix of [pid.]tty.host may be needed to distinguish
between multiple detached screen sessions. The second form is used to
connect to another user's screen session which runs in multiuser mode.
This indicates that screen * should look for sessions in another user's
directory. This requires setuid-root."

The utmp group is if screen is compiled with utmp support; this is due
to screen having an option to creates entries in the system UTMP
dat

Loading...