414 points st_goliath | 2 comments
RMPR No.43971862
Nice write-up.

> Screen offers a multi-user mode which allows to attach to Screen sessions owned by other users in the system (given the proper credentials). These multi-user features are only available when Screen is installed with the setuid-root bit set. This configuration of Screen results in highly increased attack surface, because of the complex Screen code that runs with root privileges in this case

I wasn't aware of such a feature but I guess it's what makes stuff like tmate possible. Speaking of which, I wonder if tmux is affected by the same kind of vulnerability.

replies(4): >>43971918 #>>43971987 #>>43973735 #>>43977030 #
dooglius No.43971987
No, tmux uses unix domain sockets. I have no idea why screen chose to take the setuid approach instead here; it seems totally unnecessary to have root privileges.

EDIT: Further down, TFA gives a plausible explanation: the current screen devs are not fully familiar with the code base. If so, the setuid-root approach was probably the easiest way to make the feature work in lieu of such familiarity.

replies(5): >>43972036 #>>43972445 #>>43972504 #>>43973108 #>>43975717 #
1. chasil No.43973108
In the EPEL versions of screen, I am seeing the setgid bit set only. I am guessing that later versions setuid to root?

  $ ll /usr/bin/screen
  -rwxr-sr-x. 1 root screen 495816 Feb  3  2022 /usr/bin/screen

  $ rpm -q screen
  screen-4.8.0-6.el9.x86_64

Edit: Yes, Screen 5.0.0.

CVE-2025-46802 can impact earlier releases, but all the other vulnerabilities are for the latest.

replies(1): >>43983121 #
2. gertrunde No.43983121
The original writeup by the openSUSE security team laid this out better:

https://security.opensuse.org/2025/05/12/screen-security-iss...

Different distros built it in different ways, affecting the level of vulnerability to the different issues.
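
Added example (not part of any comment above, and not code from the Screen project or the openSUSE write-up): a POSIX shell check that generalizes the `ll /usr/bin/screen` inspection in the thread, reporting whether a binary is setuid-root, setuid to another user, setgid only, or has no special bits. The function names `special_bits` and `report` are hypothetical; pass the path to inspect, such as `/usr/bin/screen`, as an argument.

```shell
#!/bin/sh
# Added example: report the special permission bits on a binary such as
# /usr/bin/screen. Function names are hypothetical, not from any project.

# special_bits PATH -> prints one of:
#   setuid-root | setuid-nonroot | setgid | none | absent
# setuid is reported first when both bits are set, since a setuid-root
# binary runs its code with root privileges.
special_bits() {
    f=$1
    [ -e "$f" ] || { echo absent; return 0; }
    # Numeric owner uid is the third field of `ls -ldn`; -L follows a
    # symlink so the bits and the owner describe the same file.
    owner_uid=$(ls -ldnL -- "$f" | awk '{print $3}')
    if [ -u "$f" ]; then
        if [ "$owner_uid" = 0 ]; then
            echo setuid-root
        else
            echo setuid-nonroot
        fi
    elif [ -g "$f" ]; then
        echo setgid
    else
        echo none
    fi
}

# report PATH -> one human-readable line per binary.
report() {
    kind=$(special_bits "$1")
    case $kind in
        setuid-root) note="runs with root privileges for every caller" ;;
        setuid-nonroot) note="runs as the file owner, not root" ;;
        setgid) note="runs with the file's group as effective gid" ;;
        none) note="runs with the caller's own privileges" ;;
        absent) note="not installed at this path" ;;
    esac
    printf '%s: %s (%s)\n' "$1" "$kind" "$note"
}

# Usage (script name is arbitrary): sh check_bits.sh /usr/bin/screen
for p in "$@"; do
    report "$p"
done
```

Running it against the same path on several hosts gives a quick inventory of how each distribution packaged the binary.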