Re: screen

on Sun, 04 May 2003 08:01:40PM -0600, Bob Proulx insinuated:
> Nori Heikkinen wrote:
> > the sysadmins for the server i help maintain are debating
> > installing screen, and our policy on letting users download and
> > compile it for their own use.  are there current security risks or
> > bugs that we would be running, were we to do this?  what's the
> > general feeling on screen on multi-user (~1500) systems?
> 
> The 'screen' program is nothing more than a terminal session
> manager.  If you let users log into the system why wouldn't you let
> them run screen?  I don't even understand why there would be a
> concern.  Please educate me.

i've heard it bruited about that there's some security hole therein,
that it runs setuid and therefore is for some reason bad.  one of our
sysadmins administers many servers at a college nearby, and his
manager has outright forbidden screen on them.  i don't know exactly
what risk this would be, and that's why i'm asking -- to me it's just
a harmless terminal manager, too, but i hear tell that it's not as
simple as that.

> Are you worried that they will leave something running and then log
> out leaving it running in screen?  Perhaps you should investigate
> 'autolog' to clean those up.  Also, periodic reboots tend to log
> people out too.  :-)

heh.  we're not worried about that -- years ago that was the
philosophy, and that's why we hadn't had it on to begin with.  right
now we have the resources, but we're not sure how we feel about (a)
some users compiling screen in their homedirs and using it to run
chatbots, and (b) potential security holes, as mentioned above.

> > also, is there a way to allow the virtual terminal functionality
> > of screen without allowing unlimited, unmonitored processes?
> > nohup is fine for running unmonitored processes, but not for the
> > former functionality.
[...]
> You said "monitored processes".  By what method are you monitoring
> them?

well, perhaps that was a bad choice of words -- we're really not.  by
"unmonitored" i should have said "unattended," or really, "something
that lets you log out of your session and keep stuff going that you
started from that xterm or whatever."  the user who contacted us about
screen wanted to use it to not have 50 instances of PuTTY running at
once -- i'm not sure how the functionality of screen would allow that,
but i'm not familiar with the command past its nohup-like abilities.

</nori>

-- 
    .~.      nori @ sccs.swarthmore.edu
    /V\  http://www.sccs.swarthmore.edu/~nori/jnl/
   // \\          @ maenad.net
  /(   )\       www.maenad.net
   ^`~'^
            get my (*new*) key here:
   http://www.maenad.net/geek/gpg/7ede5499.asc
      (please *remove* old key 11e031f1!)
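Added example, not from this thread or the screen project: a small POSIX sh audit helper that makes the setuid worry above concrete from an administrator's side. It classifies how a given binary is installed (setuid, setgid, or neither) and reports whether a screen socket directory is reachable by users other than its owner. The path to screen (looked up on PATH, falling back to /usr/bin/screen) and the socket directory layout /run/screen/S-<user> are assumptions; adjust both for your system.

```shell
#!/bin/sh
# Added audit helper, not from the thread. Assumptions: 'screen' is on PATH
# (or at /usr/bin/screen) and per-user socket directories live under
# /run/screen as S-<user>; change both to match your installation.

classify_privs() {
    # $1: path to a binary. Prints one of: setuid, setgid, none, missing.
    # A setuid-root screen is the case the thread worries about; a setgid
    # build (e.g. for utmp updates) carries far less privilege.
    [ -e "$1" ] || { echo missing; return 0; }
    if [ -u "$1" ]; then
        echo setuid
    elif [ -g "$1" ]; then
        echo setgid
    else
        echo none
    fi
}

socket_dir_exposure() {
    # $1: a screen socket directory. screen keeps each user's sockets in
    # S-<user> and expects that directory to be mode 0700; any "other"
    # permission bit widens who can reach those sockets.
    # Prints: private, exposed, or missing.
    [ -d "$1" ] || { echo missing; return 0; }
    others=$(ls -ld "$1" | cut -c8-10)
    case "$others" in
        ---) echo private ;;
        *)   echo exposed ;;
    esac
}

audit_screen() {
    # Run both checks against the local screen installation.
    bin=$(command -v screen 2>/dev/null || echo /usr/bin/screen)
    printf 'binary   %s: %s\n' "$bin" "$(classify_privs "$bin")"
    for d in /run/screen/S-*; do
        [ -d "$d" ] || continue
        printf 'sockets  %s: %s\n' "$d" "$(socket_dir_exposure "$d")"
    done
}

audit_screen
```

The two functions are kept separate from `audit_screen` so they can be pointed at any binary or directory, which is also how a packaging check could use them: a distribution that ships screen setgid rather than setuid, with per-user 0700 socket directories, is the configuration this helper reports as `setgid` and `private`.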
