Hi,

Sven Joachim wrote:
> Recently I noticed that the screen program in the screen-udeb
> package is installed setgid utmp, and I wonder if this actually
> makes any sense.

I suspect that setgid utmp indeed is not needed in the installer context
from a general viewpoint, but screen is rather picky about its
permissions, especially setgid and setuid. (See below.)

So our decision back then was based on the following:

Screen has two supported ways to edit /var/log/wtmp:

A) via setgid utmp
B) via libutempter

Because we didn't want to pull in another library (libutempter) into
the installer when we created screen-udeb (and hence adding the need
to provide a libutempter udeb as well as libutempter freezes before
installer releases, etc.), we decided to continue to use (A) for the
screen-udeb while the remainder of the screen package switched from
(A) to (B).

> While I do not have much experience with the installer, I would expect
> it to run all programs as root anyway, so there should be no need for
> setgid there.

Good point. Then again, it shouldn't do any harm for the very same
reason, right?

Screen is particularly picky about its and /run/screen's permissions and
it might refuse to work if they're not set to one of the supported
permission combinations. See /usr/share/doc/screen/README.Debian.gz

So changing them definitely needs some additional tests. In general,
I'd prefer to avoid that, especially in the udeb where it does no harm.

> Having screen installed setgid sets up a secure execution environment
> that precludes the use of certain environment variables, see the
> "Secure-execution mode" section in ld.so(8). Recently ncurses has also
> started to restrict such programs, see #1034372.

Thanks for that pointer, wasn't aware of that kind of feature.

But I fail to see how
https://invisible-island.net/ncurses/NEWS.html#index-t20230408
is related.

https://invisible-island.net/ncurses/NEWS.html#index-t20230418 and
https://invisible-island.net/ncurses/NEWS.html#index-t20230423
look more related, though. Maybe a typo in #1034372, 08 vs 18?

Anyway, IMHO ncurses should not care about setuid/setgid when already
called under root. It makes sense under any other user, though.

> Hopefully none of this matters much. I have CC'ed debian-boot, as the
> people working on the installer will be much more qualified to give
> advice than I am.

Cyril Brulebois wrote:
> Given the first sentence of this last paragraph, it looks like we're not
> considering doing anything for Bookworm at this time

That's also the reason why I didn't reply back in May: We were way too
deep into the Bookworm freeze to do anything on that front IMHO. And
the installer just worked fine with regards to its screen usage.

Regards, Axel
-- 
 ,''`.  |  Axel Beckert <a...@debian.org>, https://people.debian.org/~abe/
: :' :  |  Debian Developer, ftp.ch.debian.org Admin
`. `'   |  4096R: 2517 B724 C5F6 CA99 5329  6E61 2FF9 CD59 6126 16B5
  `-    |  1024D: F067 EA27 26B9 C3FC 1486  202E C09E 1D89 9593 0EDE
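
The ID-based conditions from the "Secure-execution mode" section of ld.so(8) referenced in this thread, as an added example that is not part of the e-mail and not code from screen, ncurses or the installer. It shows that differing real and effective group IDs are enough to trigger the mode even when the caller is root; GID 43 and UID 1000 are constructed values and `env_unless_secure` is a hypothetical helper.

```c
#include <stdio.h>
#include <stdlib.h>
#include <sys/auxv.h>
#include <sys/types.h>
#include <unistd.h>

/* ID-based triggers listed in ld.so(8): real and effective user IDs differ,
 * or real and effective group IDs differ. Capability and LSM triggers are
 * not modelled by this helper. */
int ids_trigger_secure_exec(uid_t ruid, uid_t euid, gid_t rgid, gid_t egid)
{
    return ruid != euid || rgid != egid;
}

/* What the kernel reported for the running process via the auxiliary vector. */
int process_is_secure_exec(void)
{
    return getauxval(AT_SECURE) != 0;
}

/* Hypothetical helper: ignore an environment variable in secure-execution
 * mode, otherwise return it (glibc's secure_getenv(3) behaves this way). */
const char *env_unless_secure(const char *name)
{
    return process_is_secure_exec() ? NULL : getenv(name);
}

int main(void)
{
    const gid_t utmp_gid = 43;   /* constructed stand-in for the utmp group */
    const uid_t user_id = 1000;  /* constructed unprivileged user */
    const char *terminfo = env_unless_secure("TERMINFO");

    printf("root, plain binary:       %d\n",
           ids_trigger_secure_exec(0, 0, 0, 0));
    printf("root, setgid-utmp binary: %d\n",
           ids_trigger_secure_exec(0, 0, 0, utmp_gid));
    printf("user, setgid-utmp binary: %d\n",
           ids_trigger_secure_exec(user_id, user_id, user_id, utmp_gid));
    printf("this process: AT_SECURE=%d, TERMINFO=%s\n",
           process_is_secure_exec(),
           terminfo ? terminfo : "(unset or ignored)");
    return 0;
}
```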