Re: screen-4.6.0 regression: within su: Cannot open your terminal '/dev/pts/14' - please check

[Axel Beckert]

Hi,

On Fri, Jun 30, 2017 at 02:50:48PM +0800, Clark Wang wrote:
> On Thu, Jun 29, 2017 at 7:52 PM, Axel Beckert <address@hidden> wrote:
> > I know that behaviour of screen for ages and even saw people
> > recommending tmux because it doesn't seem to have this issue.
> >
> > > /dev/pts/14 is indeed not owned by user test, but this way screen
> > > have worked fine for as long as I can remember, so this access
> > > should not be mandatory.
> > >
> > > Any way to return the old behaviour?
> >
> > I'd rather be interested in how you got that working all these years.
> > :-)
> 
> Just tried v4.5. /usr/bin/screen (rwxr-sr-x) does not work with su but
> /usr/local/bin/screen (rwsr-xr-x) I built from source works fine:
> 
> # ls -Ll /usr/bin/screen /usr/local/bin/screen
> -rwxr-sr-x 1 root utmp   457608 2017-05-23 07:57 /usr/bin/screen
> -rwsr-xr-x 1 root staff 1441416 2017-01-19 13:59 /usr/local/bin/screen

Thanks for the comparison.

Ok, so the screen binary which is setuid root works and the one which
is not, doesn't. Sounds like a reason.

But I won't revert to setuid for the Debian package. In contrary,
Debian's screen package in the next stable release will contain, and also 
already
4.5.1 in the current Debian Testing and Unstable already contains
libutempter support to avoid issues like the privilege escalation in
4.5.0. (While in 4.6.0 this doesn't seem to make a difference
anymore.)

                Kind regards, Axel
-- 
/~\  Plain Text Ribbon Campaign                   | Axel Beckert
\ /  Say No to HTML in E-Mail and News            | address@hidden  (Mail)
 X   See http://www.nonhtmlmail.org/campaign.html | address@hidden (Mail+Jabber)
/ \  I love long mails: http://email.is-not-s.ms/ | http://abe.noone.org/ (Web)