Bug#1036933: screen-udeb: Should screen really be installed setgid utmp?

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: Bug#1036933: screen-udeb: Should screen really be installed setgid utmp?
From: Sven Joachim <svenjoac@gmx.de>
Date: Mon, 29 May 2023 20:54:29 +0200
Message-id: <[🔎] 87bki3hst6.fsf@turtle.gmx.de>
Reply-to: Sven Joachim <svenjoac@gmx.de>, 1036933@bugs.debian.org

Package: screen-udeb
Version: 4.9.0-4
Tags: d-i
X-Debbugs-Cc: Sven Joachim <svenjoac@gmx.de>, debian-boot@lists.debian.org

Recently I noticed that the screen program in the screen-udeb package is
installed setgid utmp, and I wonder if this actually makes any sense.
While I do not have much experience with the installer, I would expect
it to run all programs as root anyway, so there should be no need for
setgid there.

Having screen installed setgid sets up a secure execution environment
that precludes the use of certain environment variables, see the
"Secure-execution mode" section in ld.so(8).  Recently ncurses has also
started to restrict such programs, see #1034372.

Hopefully none of this matters much.  I have CC'ed debian-boot, as the
people working on the installer will be much more qualified to give
advice than I am.

Reply to:

Follow-Ups:
- Re: Bug#1036933: screen-udeb: Should screen really be installed setgid utmp?
  - From: Cyril Brulebois <kibi@debian.org>

Prev by Date: Re: os-prober not detecting distros mounting ESP as /boot
Next by Date: Re: Bug#1036933: screen-udeb: Should screen really be installed setgid utmp?
Previous by thread: Re: os-prober not detecting distros mounting ESP as /boot
Next by thread: Re: Bug#1036933: screen-udeb: Should screen really be installed setgid utmp?
Index(es):
- Date
- Thread