On 2026-05-13 10:54:05 +0200, Peter Dey wrote:
> For the screen-exchange part of this bug, upstream already suggested a
> solution: https://savannah.gnu.org/bugs/index.php?25296
> 
>     If you set the screen exchange files to something different than the
>     "public" file, you should make sure that it's not a public writeable
>     directory. The same is true for all files screen writes, like screen
>     dumps.
>     $(HOME)/screen-exchange would be a good idea.

It has never been clearly documented that this was a "public" file
(only in one place in the screen(1) man page, about "writebuf",
not even in Section "FILES"). And in any case, such a feature
should not have been enabled by default (since security and privacy
have become a concern), at least without a warning for the user,
and asking for confirmation.

> I would propose a slight variation of this - add:
> 
>     bufferfile $HOME/.screen-exchange
> 
> to our default /etc/screenrc

Since /etc/screenrc is always read, I suppose that this would be fine.

> Plus a NEWS entry documenting the user behaviour change needed.

Yes.

Thanks,

-- 
Vincent Lefèvre <[email protected]> - Web: <https://www.vinc17.net/>
100% accessible validated (X)HTML - Blog: <https://www.vinc17.net/blog/>
Work: CR INRIA - computer arithmetic / Pascaline project (LIP, ENS-Lyon)
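
An added example, not part of the original message or of screen's own code: a POSIX shell audit that reads a screenrc, finds the effective `bufferfile` setting, and reports whether the exchange file would land in a world-writable directory. The function names are hypothetical; a file with no `bufferfile` directive is reported as `unset`, meaning screen falls back to the "public" file discussed above.

```shell
#!/bin/sh
# Added example: audit screen's exchange-file location (hypothetical helper names).

# Print the path from the last "bufferfile" directive in a screenrc.
# A bare "bufferfile" with no argument resets screen to its built-in default,
# so it clears any earlier setting. Comment lines never match $1.
bufferfile_from_rc() {
    awk '$1 == "bufferfile" { p = (NF >= 2) ? $2 : "" }
         END { if (p != "") print p }' "$1"
}

# Expand a leading $HOME/ or ~/ the way the proposed screenrc line relies on.
expand_home() {
    case "$1" in
        '$HOME'/*) printf '%s/%s\n' "$HOME" "${1#\$HOME/}" ;;
        '~'/*)     printf '%s/%s\n' "$HOME" "${1#\~/}" ;;
        *)         printf '%s\n' "$1" ;;
    esac
}

# Print "unset", "missing PATH", "unsafe PATH" or "safe PATH" for one screenrc.
# Returns 0 only when the exchange file sits in a directory that others
# cannot write to.
check_bufferfile() {
    path=$(bufferfile_from_rc "$1")
    if [ -z "$path" ]; then
        echo "unset"
        return 2
    fi
    path=$(expand_home "$path")
    dir=$(dirname "$path")
    if [ ! -d "$dir" ]; then
        echo "missing $path"
        return 2
    fi
    # -perm -0002 matches when the "other" write bit is set (e.g. mode 1777).
    if [ -n "$(find -L "$dir" -prune -perm -0002 2>/dev/null)" ]; then
        echo "unsafe $path"
        return 1
    fi
    echo "safe $path"
}

# Report on the system-wide and per-user files when they exist.
for rc in /etc/screenrc "$HOME/.screenrc"; do
    if [ -r "$rc" ]; then
        printf '%s: %s\n' "$rc" "$(check_bufferfile "$rc")"
    fi
done
```

Each file is checked on its own; since a per-user screenrc is read after /etc/screenrc, an `unsafe` result there matters even when the system-wide file is `safe`.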
