Re: screen-4.6.0 regression: within su: Cannot open your terminal '/dev/pts/14' - please check
Mon, 10 Jul 2017 23:45:00 +0300
On Fri, 30 Jun 2017 13:25:18 +0200 Axel Beckert wrote:
> On Fri, Jun 30, 2017 at 02:50:48PM +0800, Clark Wang wrote:
> > On Thu, Jun 29, 2017 at 7:52 PM, Axel Beckert <address@hidden> wrote:
> > > I've known that behaviour of screen for ages and even saw people
> > > recommending tmux because it doesn't seem to have this issue.
> > >
> > > > /dev/pts/14 is indeed not owned by user test, but this way screen
> > > > has worked fine for as long as I can remember, so this access
> > > > should not be mandatory.
> > > >
> > > > Any way to return the old behaviour?
> > >
> > > I'd rather be interested in how you got that working all these years.
> > > :-)
> > Just tried v4.5. /usr/bin/screen (rwxr-sr-x) does not work with su but
> > /usr/local/bin/screen (rwsr-xr-x) I built from source works fine:
> > # ls -Ll /usr/bin/screen /usr/local/bin/screen
> > -rwxr-sr-x 1 root utmp 457608 2017-05-23 07:57 /usr/bin/screen
> > -rwsr-xr-x 1 root staff 1441416 2017-01-19 13:59 /usr/local/bin/screen
> Thanks for the comparison.
> Ok, so the screen binary which is setuid root works and the one which
> is not, doesn't. Sounds like a reason.
Setuid root is not necessary for this to work. In Gentoo I never
had a problem with screen after su (except for 4.6.0 version).
Looks like it works the following way:
1. screen is configured as follows:
2. pty permissions are set to 0620 user:tty (tty gid is 5) using
screen binary is not SUID root for non-multiuser configurations:
2755 root:utmp for /usr/bin/screen
0775 root:utmp for /tmp/screen
for utmp access
If user chooses to enable multiuser support during package
compilation, /usr/bin/screen perms are set to 4755, but I don't use
> But I won't revert to setuid for the Debian package. On the contrary,
> Debian's screen package in the next stable release will contain, and also
> 4.5.1 in the current Debian Testing and Unstable already contains
> libutempter support to avoid issues like the privilege escalation in
> 4.5.0. (While in 4.6.0 this doesn't seem to make a difference
> Kind regards, Axel
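The permission check behind the "Cannot open your terminal" error, as an added example that is not part of the original message or of screen's code. It models the classic owner/group/other evaluation for a pty with the 0620 user:tty permissions mentioned above. Assumptions: the terminal is opened read-write, `stat -c` is GNU coreutils, and the function names and sample uids are hypothetical.

```shell
#!/bin/sh
# can_open_rw OWNER_UID OWNER_GID MODE_OCTAL EUID "GID LIST"
# Returns 0 if a read-write open would pass the file mode bits, 1 if not.
# Only the mode bits are modelled (no ACLs, no LSM policy).
can_open_rw() {
    owner_uid=$1 owner_gid=$2 mode=$3 euid=$4 gids=$5

    # Effective uid 0 bypasses the mode bits, so a setuid-root binary
    # can open a pty that still belongs to the pre-su user.
    if [ "$euid" -eq 0 ]; then
        return 0
    fi

    bits=$((0$mode))                     # leading 0: parse as octal
    if [ "$euid" -eq "$owner_uid" ]; then
        class=$(( (bits >> 6) & 7 ))     # owner bits
    else
        class=$(( bits & 7 ))            # default: "other" bits
        for g in $gids; do
            if [ "$g" -eq "$owner_gid" ]; then
                class=$(( (bits >> 3) & 7 ))   # group bits
                break
            fi
        done
    fi

    # Need both read (4) and write (2).
    [ $(( class & 6 )) -eq 6 ]
}

# Run the same check against the real controlling terminal.
# Returns 2 when there is no tty, otherwise the result of can_open_rw.
check_current_tty() {
    t=$(tty) || return 2
    set -- $(stat -c '%u %g %a' "$t")
    can_open_rw "$1" "$2" "$3" "$(id -u)" "$(id -G)"
}
```

With a constructed pty owned by uid 1000, gid 5, mode 620, the check passes for uid 1000 and for euid 0, and fails for an su'd uid 1001 even if that process also holds gid 5, because the group bits grant write only.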