Hi,

Sven Joachim wrote:
> Recently I noticed that the screen program in the screen-udeb
> package is installed setgid utmp, and I wonder if this actually
> makes any sense.

I suspect that setgid utmp indeed is not needed in the installer context
from a general viewpoint, but screen is rather picky about its
permissions, especially setgid and setuid. (See below.) So our
decision back then was based on the following:

Screen has two supported ways to edit /var/log/wtmp:

A) via setgid utmp
B) via libutempter

Because we didn't want to pull in another library (libutempter) into
the installer when we created screen-udeb (and hence adding the need
to provide a libutempter udeb as well as libutempter freezes before
installer releases, etc.), we decided to continue to use (A) for the
screen-udeb while the remainder of the screen package switched from
(A) to (B).

> While I do not have much experience with the installer, I would expect
> it to run all programs as root anyway, so there should be no need for
> setgid there.

Good point. Then again, it shouldn't do any harm for the very same
reason, right?

Screen is particularly picky about its and /run/screen's permissions and
it might refuse to work if they're not set to one of the supported
permission combinations. See /usr/share/doc/screen/README.Debian.gz

So changing them definitely needs some additional tests. In general,
I'd prefer to avoid that, especially in the udeb where it does no
harm.

> Having screen installed setgid sets up a secure execution environment
> that precludes the use of certain environment variables, see the
> "Secure-execution mode" section in ld.so(8).  Recently ncurses has also
> started to restrict such programs, see #1034372.

Thanks for that pointer, wasn't aware of that kind of feature. But I
fail to see how
https://invisible-island.net/ncurses/NEWS.html#index-t20230408 is
related.

https://invisible-island.net/ncurses/NEWS.html#index-t20230418 and
https://invisible-island.net/ncurses/NEWS.html#index-t20230423 look
more related, though. Maybe a typo in #1034372, 08 vs 18?

Anyway, IMHO ncurses should not care about setuid/setgid when already
called under root. It makes sense under any other user, though.

> Hopefully none of this matters much.  I have CC'ed debian-boot, as the
> people working on the installer will be much more qualified to give
> advice than I am.

Cyril Brulebois wrote:
> Given the first sentence of this last paragraph, it looks like we're not
> considering doing anything for Bookworm at this time

That's also the reason why I didn't reply back in May: We were way too
deep into the Bookworm freeze to do anything on that front IMHO. And
the installer just worked fine with regards to its screen usage.

                Regards, Axel
-- 
 ,''`.  |  Axel Beckert <a...@debian.org>, https://people.debian.org/~abe/
: :' :  |  Debian Developer, ftp.ch.debian.org Admin
`. `'   |  4096R: 2517 B724 C5F6 CA99 5329  6E61 2FF9 CD59 6126 16B5
  `-    |  1024D: F067 EA27 26B9 C3FC 1486  202E C09E 1D89 9593 0EDE
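
Added example (not part of the original mail, nor code from screen, ncurses or glibc): a C program contrasting the credential check behind the "Secure-execution mode" section of ld.so(8) with the root exemption suggested in the reply above. The function names and the sample gid 43 for utmp are assumptions made for illustration.

```c
#include <stdio.h>
#include <sys/auxv.h>
#include <sys/types.h>
#include <unistd.h>

/* Credential mismatch that leads to AT_SECURE being set on exec:
 * real != effective for either the uid or the gid. There is no
 * exemption for root, so root running a setgid-utmp binary
 * (rgid 0, egid utmp) still ends up in secure-execution mode. */
static int creds_trigger_secure_exec(uid_t ruid, uid_t euid,
                                     gid_t rgid, gid_t egid)
{
    return ruid != euid || rgid != egid;
}

/* Hypothetical policy matching the suggestion in the mail (not what
 * ld.so does): ignore the mismatch when the caller is already root,
 * keep the restriction for every other user. */
static int restricted_unless_root(uid_t ruid, uid_t euid,
                                  gid_t rgid, gid_t egid)
{
    if (ruid == 0 && euid == 0)
        return 0;
    return creds_trigger_secure_exec(ruid, euid, rgid, egid);
}

int main(void)
{
    uid_t ruid = getuid(), euid = geteuid();
    gid_t rgid = getgid(), egid = getegid();

    /* Live view of the current process. */
    printf("uid %u/%u gid %u/%u\n", (unsigned)ruid, (unsigned)euid,
           (unsigned)rgid, (unsigned)egid);
    printf("AT_SECURE from kernel: %lu\n", getauxval(AT_SECURE));
    printf("credential mismatch:   %d\n",
           creds_trigger_secure_exec(ruid, euid, rgid, egid));

    /* Constructed case: root in the installer running setgid-utmp
     * screen; 43 stands in for the utmp gid (assumed value). */
    printf("root + setgid utmp:    mismatch=%d, root-exempt policy=%d\n",
           creds_trigger_secure_exec(0, 0, 0, 43),
           restricted_unless_root(0, 0, 0, 43));
    return 0;
}
```

Built as an ordinary binary it reports AT_SECURE 0; after chgrp to another group and chmod g+s on a test copy, both the kernel value and the mismatch check become nonzero, including when the binary is started by root.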
