Re: Bug#1036933: screen-udeb: Should screen really be installed setgid utmp?

Hello Sven,

Sven Joachim <svenjoac@gmx.de> (2023-05-29):
> Recently I noticed that the screen program in the screen-udeb package
> is installed setgid utmp, and I wonder if this actually makes any
> sense.  While I do not have much experience with the installer, I
> would expect it to run all programs as root anyway, so there should be
> no need for setgid there.

Without being specifically knowledgeable about screen in general or
in the installer's context in particular, I'm 100% with you here.

> Having screen installed setgid sets up a secure execution environment
> that precludes the use of certain environment variables, see the
> "Secure-execution mode" section in ld.so(8).  Recently ncurses has
> also started to restrict such programs, see #1034372.
> Hopefully none of this matters much.  I have CC'ed debian-boot, as the
> people working on the installer will be much more qualified to give
> advice than I am.

Given the first sentence of this last paragraph, it looks like we're not
considering doing anything for Bookworm at this time (or at all). We
could try it out with Trixie Alpha 1, and see how it goes?

Cyril Brulebois (kibi@debian.org)            <https://debamax.com/>
D-I release manager -- Release team member -- Freelance Consultant
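
The secure-execution mode discussed in the quoted text can be observed from inside a process. The following is an added example, not part of the original thread and not code from screen, glibc or ncurses. It assumes Linux with glibc 2.16 or later; `trusted_getenv`, `setid_mismatch` and the sample variable names are illustrative.

```c
#include <stdio.h>
#include <stdlib.h>
#include <sys/auxv.h>   /* getauxval(), AT_SECURE */
#include <unistd.h>

/* 1 when the kernel flagged this exec as privileged (set-id bits or file
 * capabilities); this is the condition ld.so(8) calls secure-execution mode. */
int in_secure_mode(void)
{
    return getauxval(AT_SECURE) != 0;
}

/* Which ID pair differs: bit 0 = setuid, bit 1 = setgid (e.g. setgid utmp). */
int setid_mismatch(void)
{
    int why = 0;
    if (getuid() != geteuid()) why |= 1;
    if (getgid() != getegid()) why |= 2;
    return why;
}

/* Hypothetical helper with the same policy as glibc's secure_getenv(3):
 * environment overrides are not honoured in secure-execution mode. */
const char *trusted_getenv(const char *name)
{
    return in_secure_mode() ? NULL : getenv(name);
}

int main(void)
{
    /* Sample variable names, chosen for illustration. */
    static const char *const vars[] = { "LD_LIBRARY_PATH", "TERMINFO" };
    size_t i;

    printf("AT_SECURE=%d setid_mismatch=%d (uid %d/%d, gid %d/%d)\n",
           in_secure_mode(), setid_mismatch(),
           (int)getuid(), (int)geteuid(), (int)getgid(), (int)getegid());
    for (i = 0; i < sizeof vars / sizeof vars[0]; i++) {
        const char *v = trusted_getenv(vars[i]);
        printf("%-16s %s\n", vars[i], v ? v : "(unset or ignored)");
    }
    return 0;
}
```

Built normally, the program reports `AT_SECURE=0` and passes variables through; installed setgid and run by a user outside that group, it reports `AT_SECURE=1` and ignores them. Run as root with the binary's group already the caller's group, no ID pair differs.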

