Ubuntu
screen-profiles package

screen-profiles breaks suid screen

Bug #417359 reported by Martin von Wittich
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
screen-profiles (Ubuntu)
Fix Released
Low
Unassigned
Nominated for Karmic by Dustin Kirkland 
Jaunty
Won't Fix
Low
Unassigned

Bug Description

Binary package hint: screen-profiles

screen can be made setuid to enable users to attach to screens of other users:

chmod u+s /usr/bin/screen.real

(minor annoyance: it took me a few minutes to realize that screen had been renamed to screen.real and that I was actually making a shell script setuid...)

This also requires that /var/run/screen has 755 permissions instead of 775 permissions. /etc/init.d/screen-cleanup usually detects if screen is setuid and takes care of this, but it checks /usr/bin/screen instead of /usr/bin/screen.real. This means that having screen-profiles installed breaks suid screen, because screen won't start with improper permissions:

martin@martin ~ % screen
Directory '/var/run/screen' must have mode 755.

Martin von Wittich (martin.von.wittich)
summary: - screen-profiles break suid screen
+ screen-profiles breaks suid screen
Revision history for this message
Dustin Kirkland  (kirkland) wrote :

Thanks for the report. This is fixed in Karmic, so it shouldn't be a problem going forward.

:-Dustin

Changed in screen-profiles (Ubuntu):
status: New → Fix Released
Changed in screen-profiles (Ubuntu Jaunty):
status: New → Won't Fix
Changed in screen-profiles (Ubuntu):
importance: Undecided → Low
Changed in screen-profiles (Ubuntu Jaunty):
importance: Undecided → Low
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.