FS#22686 - [screen] Remove suid bit from /usr/bin/screen-4.0.3
Attached to Project:
Arch Linux
Opened by Leonid Isaev (lisaev) - Monday, 31 January 2011, 18:20 GMT
Last edited by Allan McRae (Allan) - Friday, 22 April 2011, 05:36 GMT
Details
Description:
The package "screen-4.0.3" ships with the suid binary /usr/bin/screen-4.0.3. This might be a security hole, which has been avoided in, for instance, RHEL by making it sgid:

    -rwxr-sr-x 1 root screen 360952 Dec 4 2006 /usr/bin/screen

Alternatively, one can remove the suid bit altogether. The tradeoff here is the crippled remote assistance functionality, because the suid bit is necessary for different users to share a session. While screen is used by ~43% of arch users (according to pkgstats), I doubt that a lot of people rely on it for presentation/sharing purposes...

Thanks.
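
As an added illustration (not part of the ticket, and not Arch or RHEL tooling), the shell function below reads an `ls -l` line such as the RHEL one quoted in the report and says whether the binary runs setuid or setgid, and as which owner or group. The second sample line is constructed: only its path comes from this report, while the size and date are made up.

```shell
#!/bin/sh
# Added example: classify the special permission bits in one `ls -l` line.

# Line quoted in the report (RHEL packaging: setgid, group "screen").
RHEL_SAMPLE='-rwxr-sr-x 1 root screen 360952 Dec 4 2006 /usr/bin/screen'
# Constructed line for a setuid-root install (size and date are invented).
SUID_SAMPLE='-rwsr-xr-x 1 root root 360952 Jan 31 2011 /usr/bin/screen-4.0.3'

# classify_ls_line LINE
# Prints "setuid:<owner>", "setgid:<group>", both joined by a comma, or "none".
# The body is a subshell so `set -f` and the variables do not leak out.
classify_ls_line() (
    set -f              # do not glob-expand fields while splitting
    set -- $1           # fields: mode links owner group size date... path
    mode=$1 owner=$3 group=$4
    # Character 4 of the mode is the owner execute slot, character 7 the
    # group execute slot. "s" (or "S" without execute) marks the special bit.
    u=$(printf '%s' "$mode" | cut -c4)
    g=$(printf '%s' "$mode" | cut -c7)
    result=""
    case $u in
        s|S) result="setuid:$owner" ;;
    esac
    case $g in
        s|S) result="${result:+$result,}setgid:$group" ;;
    esac
    printf '%s\n' "${result:-none}"
)

# Show both layouts side by side.
for line in "$RHEL_SAMPLE" "$SUID_SAMPLE"; do
    printf '%s -> %s\n' "${line##* }" "$(classify_ls_line "$line")"
done
```

A result of `setuid:root` means any flaw in the binary is reachable with full root privilege, whereas `setgid:screen` confines it to whatever the `screen` group can access.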
This task depends upon
Closed by Allan McRae (Allan)
Friday, 22 April 2011, 05:36 GMT
Reason for closing: Won't implement
Additional comments about closing: Should be done upstream.
FS#20682 - [screen] screen runs setuid root!