←back to thread

Multiple security issues in GNU Screen

(www.openwall.com)
414 points st_goliath | 2 comments | 13 May 25 11:28 UTC | HN request time: 0s | source
Show context
RMPR ◴[13 May 25 11:51 UTC] No.43971862[source]
Nice write-up.

> Screen offers a multi-user mode which allows to attach to Screen sessions owned by other users in the system (given the proper credentials). These multi-user features are only available when Screen is installed with the setuid-root bit set. This configuration of Screen results in highly increased attack surface, because of the complex Screen code that runs with root privileges in this case

I wasn't aware of such a feature but I guess it's what makes stuff like tmate possible. Speaking of which, I wonder if tmux is affected by the same kind of vulnerability.

replies(4): >>43971918 #>>43971987 #>>43973735 #>>43977030 #
dooglius ◴[13 May 25 12:08 UTC] No.43971987[source]
No, tmux uses unix domain sockets. I have no idea why screen chose to take the setuid approach instead here; it seems totally unnecessary to have root privileges.

EDIT: Further down, TFA gives a plausible explanation: the current screen devs are not fully familiar with the code base. If so, the setuid-root approach was probably the easiest way to make the feature work in lieu of such familiarity.

replies(5): >>43972036 #>>43972445 #>>43972504 #>>43973108 #>>43975717 #
JdeBP ◴[13 May 25 12:14 UTC] No.43972036[source]
screen has a lot of architectural baggage that can be traced back to its initial 1987 comp.sources.unix/mod.sources versions in some cases. Being set-UID to the superuser is one of them. See the doco for screen as it was posted in volume 10:

https://sources.vsta.org/comp.sources.unix/volume10/screen/

replies(2): >>43972131 #>>43979137 #
ngangaga[dead post] ◴[13 May 25 12:26 UTC] No.43972131[source]
[flagged]
entropie ◴[13 May 25 13:14 UTC] No.43972586[source]
For me it felt (!) like screen is pretty much obsolute since 10+ years. When tmux came I switched and never looked back and I know a few that handled it the same.
replies(4): >>43972845 #>>43973094 #>>43973786 #>>43979384 #
DrillShopper ◴[13 May 25 14:02 UTC] No.43973094[source]
Try as I might I cannot get my fingers to re-learn the tmux keybindings. The GNU Screen keybindings are that burned into my brain.
replies(4): >>43973184 #>>43973925 #>>43977007 #>>43980903 #
jethro_tell ◴[14 May 25 04:43 UTC] No.43980903[source]
They re-keyed it specifically so it could be nested, however, they mention the prefix key is intentionally dumb and ment to be remapped, probably to ^a like screen.
replies(1): >>43986160 #
1. entropie ◴[14 May 25 16:05 UTC] No.43986160[source]
^a is the worst for emacs users since ^a is begging-of-line which we use a ton.

When I first started using screen some years ago the emacswiki (I think) even mentioned it and recommended to remap it to ^p which it is for me for screen and tmux since then.

(I could remember something wrong here)

replies(1): >>43988721 #
2. DrillShopper ◴[14 May 25 20:16 UTC] No.43988721[source]
I've just worked '^a a' into my terminal emacs muscle memory.