On 2026-05-13 15:44, Vincent Lefevre wrote:
> And in any case, such a feature
> should not have been enabled by default (since security and privacy
> have become a concern), at least without a warning for the user,
> and asking for confirmation.

Upstream seems to disagree; and Red Hat doesn't consider this to be a
security issue:

    Red Hat does not consider this to be a security issue. Affected file
    is supposed to be used to exchange information between local system
    users, therefore open permissions are intentional.
    -- https://access.redhat.com/security/cve/cve-2009-1214

Regardless, Screen 5.x is probably the right time to change Debian's
behaviour.
I will change the default screenrc to use $HOME/.screen-exchange in the
next upload.

Cheers,
Peter