Re: screen question/problem.

From: Adam Lazur (adam@lazur.org)
Date: 09/27/02


Date: Fri, 27 Sep 2002 11:57:06 -0400
From: Adam Lazur <adam@lazur.org>
To: freebsd-security@FreeBSD.ORG

Jason Stone (jason-fbsd-security@shalott.net) said:
> > Screen likes to be root so it can do things like update utmp (or wtmp,
> > whichever).
>
> I've been wondering about this for a while - on my personal systems, I've
> always created a group wtmp and made utmp/wtmp/lastlog group wtmp, group
> writable, and screen, xterm, etc, setgid wtmp instead of setuid root.
>
> This seems to me to preserve that portion of the functionality (I know
> that screen also likes to be setuid root for other reasons) while being
> substantially safer than having everything just be setuid root.
>
> Am I missing something? Are there other implications to using a wtmp
> group and setgid binaries? I think that this would be a nice change to
> make to the base system if it's reasonable to do so.

There are issues with setting permissions on your tty. On my FreeBSD 4.5
box it keeps the default perms root:wheel 666, which is bad. You want it
to end up with youruser:tty 620.

I maintain screen for the Debian project, and we have been shipping
screen setgid utmp for a long time. We avoid the tty perms problem by
having default perms on unix98 tty's that work out okay (though there is
a bug on non-devfs systems atm).

For full functionality, screen must also be setuid root to do
multi-user. This is another permissions setup problem (on the named
pipes this time) that making screen setuid root avoids. It's on my todo
list to fix things to that a setgid utmp screen will work with
multi-user screen "out of the box" in the future.

-- 
Adam Lazur, Cluster Monkey
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message