Multiple security issues in GNU Screen

(www.openwall.com)

414 points st_goliath | 2 comments | 13 May 25 11:28 UTC | HN request time: 0.409s | source

Show context

RMPR ◴[13 May 25 11:51 UTC] No.43971862[source]▶

Nice write-up.

> Screen offers a multi-user mode which allows to attach to Screen sessions owned by other users in the system (given the proper credentials). These multi-user features are only available when Screen is installed with the setuid-root bit set. This configuration of Screen results in highly increased attack surface, because of the complex Screen code that runs with root privileges in this case

I wasn't aware of such a feature but I guess it's what makes stuff like tmate possible. Speaking of which, I wonder if tmux is affected by the same kind of vulnerability.

replies(4): >>43971918 #>>43971987 #>>43973735 #>>43977030 #

trollied ◴[13 May 25 11:59 UTC] No.43971918[source]▶

>>43971862 #

Yup, screen -x

replies(1): >>43972171 #

qwertox ◴[13 May 25 12:29 UTC] No.43972171[source]▶

>>43971918 #

The problem isn't with the use of `screen -x ...` itself, but rather if `ls -l "$(which screen)"` returns something like `-rwsr-xr-x 1 root root ... /usr/bin/screen`, where the `s` in the fourth position indicates the setuid bit is set. That means the screen binary runs with root privileges.

replies(1): >>43972353 #

trollied ◴[13 May 25 12:49 UTC] No.43972353[source]▶

>>43972171 #

I am well aware of setuid. I was informing the parent comment of which arg to use for the actual functionality.

replies(1): >>43973717 #

johnmaguire ◴[13 May 25 15:00 UTC] No.43973717[source]▶

>>43972353 #

I was surprised to hear OP wasn't aware of it as it was the first reason I ever had to use screen (shared remote debugging session.)

replies(2): >>43979393 #>>43982662 #

esseph ◴[14 May 25 00:22 UTC] No.43979393[source]▶

>>43973717 #

Often for long running jobs you want to see the status of where logging out of the system stops the job output.

replies(1): >>43981783 #

qwertox ◴[14 May 25 07:19 UTC] No.43981783[source]▶

>>43979393 #

Or where you can't risk dropping the terminal session, like during a system upgrade via SSH.

replies(1): >>43983776 #

esseph ◴[14 May 25 12:37 UTC] No.43983776[source]▶

>>43981783 #

System upgrade shouldn't drop your session btw, at least not on most flavors I'm familiar with

replies(1): >>43984640 #

ycombobreaker ◴[14 May 25 13:59 UTC] No.43984640[source]▶

>>43983776 #

The risk is anything else dropping your connection while an interactive long-running process is going. You can nohup, or run inside something like screen/tmux,

replies(2): >>43984757 #>>43990754 #

1. throwaway173738 ◴[14 May 25 14:09 UTC] No.43984757[source]▶

>>43984640 #

A thoughtfully designed upgrade system doesn’t do the real work side your terminal session in the interactive process.

replies(1): >>43985242 #

2. ycombobreaker ◴[14 May 25 14:51 UTC] No.43985242[source]▶

>>43984757 (TP) #

Defense in depth is always valuable. The point of this thread is that screen protects your workflow from an unexpected disconnection.

↑