Multiple security issues in GNU Screen

(www.openwall.com)

414 points st_goliath | 1 comments | 13 May 25 11:28 UTC | HN request time: 0.206s | source

Show context

RMPR ◴[13 May 25 11:51 UTC] No.43971862[source]▶

Nice write-up.

> Screen offers a multi-user mode which allows to attach to Screen sessions owned by other users in the system (given the proper credentials). These multi-user features are only available when Screen is installed with the setuid-root bit set. This configuration of Screen results in highly increased attack surface, because of the complex Screen code that runs with root privileges in this case

I wasn't aware of such a feature but I guess it's what makes stuff like tmate possible. Speaking of which, I wonder if tmux is affected by the same kind of vulnerability.

replies(4): >>43971918 #>>43971987 #>>43973735 #>>43977030 #

trollied ◴[13 May 25 11:59 UTC] No.43971918[source]▶

>>43971862 #

Yup, screen -x

replies(1): >>43972171 #

qwertox ◴[13 May 25 12:29 UTC] No.43972171[source]▶

>>43971918 #

The problem isn't with the use of `screen -x ...` itself, but rather if `ls -l "$(which screen)"` returns something like `-rwsr-xr-x 1 root root ... /usr/bin/screen`, where the `s` in the fourth position indicates the setuid bit is set. That means the screen binary runs with root privileges.

replies(1): >>43972353 #

trollied ◴[13 May 25 12:49 UTC] No.43972353[source]▶

>>43972171 #

I am well aware of setuid. I was informing the parent comment of which arg to use for the actual functionality.

replies(1): >>43973717 #

johnmaguire ◴[13 May 25 15:00 UTC] No.43973717[source]▶

>>43972353 #

I was surprised to hear OP wasn't aware of it as it was the first reason I ever had to use screen (shared remote debugging session.)

replies(2): >>43979393 #>>43982662 #

esseph ◴[14 May 25 00:22 UTC] No.43979393[source]▶

>>43973717 #

Often for long running jobs you want to see the status of where logging out of the system stops the job output.

replies(1): >>43981783 #

qwertox ◴[14 May 25 07:19 UTC] No.43981783[source]▶

>>43979393 #

Or where you can't risk dropping the terminal session, like during a system upgrade via SSH.

replies(1): >>43983776 #

esseph ◴[14 May 25 12:37 UTC] No.43983776[source]▶

>>43981783 #

System upgrade shouldn't drop your session btw, at least not on most flavors I'm familiar with

replies(1): >>43984640 #

ycombobreaker ◴[14 May 25 13:59 UTC] No.43984640[source]▶

>>43983776 #

The risk is anything else dropping your connection while an interactive long-running process is going. You can nohup, or run inside something like screen/tmux,

replies(2): >>43984757 #>>43990754 #

1. esseph ◴[15 May 25 00:53 UTC] No.43990754[source]▶

>>43984640 #

You're not wrong, but largely in the virtualized world we live in, it matters less and less when you have a virtual console.

That said the sshd session you are connected on is still running the old executable until the service is restarted AND your session ends, so even if sshd gets upgraded, you should still be good to go.

↑