Re: Bug#1036933: screen-udeb: Should screen really be installed setgid utmp?
Hi,
Sven Joachim wrote:
> Recently I noticed that the screen program in the screen-udeb
> package is installed setgid utmp, and I wonder if this actually
> makes any sense.
I suspect that setgid utmp indeed is not needed the installer context
from a general viewpoint, but screen is rather picky about its
permissions, especially setgid and setuid. (See below.) So our
decision back then was based on the following:
Screen has two supported ways to edit /var/log/wtmp:
A) via setgid utmp
B) via libutempter
Because we didn't want to pull in another library (libutempter) into
the installer when we created screen-udeb (and hence adding the need
to provide a libutempter udeb as well as libutempter freezes before
installer releases, etc.), we decided continue to use (A) for the
screen-udeb while the remainder of the screen package switched from
(A) to (B).
> While I do not have much experience with the installer, I would expect
> it to run all programs as root anyway, so there should be no need for
> setgid there.
Good point. Then again, it shouldn't do any harm for the very same
reason, right?
Screen is particular picky about its and /run/screen's permissions and
it might refuse to work if they're not set to one of the supported
permission combinations. See /usr/share/doc/screen/README.Debian.gz
So changing them definitely needs some additional tests. In general,
I'd prefer to avoid that, especially in the udeb where it does no
harm.
> Having screen installed setgid sets up a secure execution environment
> that precludes the use of certain environment variables, see the
> "Secure-execution mode" section in ld.so(8). Recently ncurses has also
> started to restrict such programs, see #1034372.
Thanks for that pointer, wasn't aware of that kind of feature. But I
fail to see how
https://invisible-island.net/ncurses/NEWS.html#index-t20230408 is
related.
https://invisible-island.net/ncurses/NEWS.html#index-t20230418 and
https://invisible-island.net/ncurses/NEWS.html#index-t20230423 look
more related, though. Maybe a typo in #1034372, 08 vs 18?
Anyway, IMHO ncurses should not care about setuid/setgid when already
called under root. It makes sense under any other user, though.
> Hopefully none of this matters much. I have CC'ed debian-boot, as the
> people working on the installer will be much more qualified to give
> advice than I am.
Cyril Brulebois wrote:
> Given the first sentence of this last paragraph, it looks like we're not
> considering doing anything for Bookworm at this time
That's also the reason why I didn't reply back in May: We were way to
deep into the Bookworm freeze to do anything on that front IMHO. And
the installer just worked fine with regards to its screen usage.
Regards, Axel
--
,''`. | Axel Beckert <abe@debian.org>, https://people.debian.org/~abe/
: :' : | Debian Developer, ftp.ch.debian.org Admin
`. `' | 4096R: 2517 B724 C5F6 CA99 5329 6E61 2FF9 CD59 6126 16B5
`- | 1024D: F067 EA27 26B9 C3FC 1486 202E C09E 1D89 9593 0EDE
Reply to: