←back to thread

Multiple security issues in GNU Screen

(www.openwall.com)
414 points st_goliath | 5 comments | 13 May 25 11:28 UTC | HN request time: 0s | source
Show context
teddyh ◴[13 May 25 12:09 UTC] No.43972000[source]
Note: In Debian, GNU screen is not installed with setuid-root privileges.
replies(4): >>43972155 #>>43972240 #>>43972667 #>>43972691 #
1. ktm5j ◴[13 May 25 12:37 UTC] No.43972240[source]
Looks like it is in Fedora.
replies(3): >>43972602 #>>43972615 #>>43972773 #
2. znpy ◴[13 May 25 13:16 UTC] No.43972602[source]
I wonder if there is some selinux policy to reduce the attack surface
replies(1): >>43975986 #
3. tmtvl ◴[13 May 25 13:17 UTC] No.43972615[source]
Likewise in Arch.
4. mlichvar ◴[13 May 25 13:31 UTC] No.43972773[source]
On Fedora it is setgid screen, not root.
5. JCattheATM ◴[13 May 25 18:17 UTC] No.43975986[source]
There almost certainly is, pretty sure Fedora has an SELinux policy for all software in base.