After upgrading /var/run/screen lacks right permissions

The permissions shall better be set to 01777 on /var/run/screen. Allowing only the creator to remove the socket created per screen session. Otherwise it's quite easy to execute a denial of service attack localy: erase all sockets ...

This is possibly related to https://bugs.launchpad.net/ubuntu/+source/screen/+bug/727741

Hi Thomas,

> Since this bug is now known for about one year, could you please fix it?

Just because a bug is known for a while does not mean, it's trivially to fix.

Hmm, I've tried to reproduce this bug, and I'm not able to.

I am able to login and automatically launch screen+byobu in Ubuntu
11.10, with my /var/run/screen/ directory permissions in the system
default:

drwxrwxr-x 3 root utmp 60 2011-10-10 12:53 /var/run/screen/

and the system default on /usr/bin/screen as well:

-rwxr-sr-x 1 root utmp 375984 2011-06-06 13:02 /usr/bin/screen*

I think you have something else going on there Thomas....

On a new install it is working. On an old, upgraded system it is not (after upgrading).
I had to add an dpkg-statoverride to get rid of the error. On none of the systems affected there was a statoverride given for "/var/run/screen". No startup files where modified.

I could make the bug vanish by removing screen, purging all configuration files, searching for not removed files, deleting them by hand, removing all statoverrides, then reinstalling screen.
Looks a lot like something left over from an older version of screen playing with newer versions breaking them. Since all systems affected had different files to clean up I am not sure which one it was. Starting with user defined configurations and ending at /var/run/screen aka /run/screen (with latest installs).

It was related to https://bugs.launchpad.net/ubuntu/+source/screen/+bug/727741, at least for some of the mentioned errors.

The bug is again there:
Upgrade from Ubuntu 11.10 to 12.04 ...
After it is ready login:
> Directory '/var/run/screen' must have mode 777.
> Directory '/var/run/screen' must have mode 777.
> Directory '/var/run/screen' must have mode 777.
---

Versions:
ii byobu 5.6-0ubuntu1 powerful, text based window manager and shell multiplexer
ii screen 4.0.3-14ubuntu8 terminal multiplexor with VT100/ANSI terminal emulation
ii tmux 1.5-3 terminal multiplexer
---

/etc/init/screen-cleanup.conf:
# cat /etc/init/screen-cleanup.conf
# screen

description "GNU Screen Cleanup"
author "Dustin Kirkland <email address hidden>"

start on filesystem

task

script
        SCREENDIR=/var/run/screen
        if [ -L $SCREENDIR ] || [ ! -d $SCREENDIR ]; then
                rm -f $SCREENDIR
                mkdir $SCREENDIR
                chown root:utmp $SCREENDIR
        fi
        find $SCREENDIR -type p -delete
        # If the local admin has used dpkg-statoverride to install the screen
        # binary with different set[ug]id bits, change the permissions of
        # $SCREENDIR accordingly
        BINARYPERM=`stat -c%a /usr/bin/screen`
        if [ "$BINARYPERM" -ge 4000 ]; then
                chmod 0755 $SCREENDIR
        elif [ "$BINARYPERM" -ge 2000 ]; then
                chmod 0775 $SCREENDIR
        else
                chmod 0777 $SCREENDIR
        fi
end script
---

dpkg-statoverride --list | grep screen:
---

Upgrading to precise solves this bug. The newer install script seems fixed.

Must take my own comment #9 down: this is there again: upgrading from Ubuntu 10.04.4 to Ubuntu 12.04.1 using byobu for login leads to message: "/var/run/screen must have permission 0777". After rebooting.

changing /var/run/screen once to permissions 0777 fixes this. The change seems to be persistent and solves the error.

Status changed to 'Confirmed' because the bug affects multiple users.

Seems fixed now