[screen-devel] [bug #66522] Reattaching to other user's session results in "seteuid: Operation not permitted" and segfault in 5.0.0

Wed, 29 Oct 2025 15:04:40 -0700 

Follow-up Comment #4, bug #66522 (group screen):

@anaumov thank you for your reply (previously annonymously)

As you suggested I did the following:
git checkout screen-v5
# now at 1ef836308b8d7c8f0259dc62756b1b19fe82db4b 
git revert d10eb5b2f7eebaa347f09c010bd391373fdd1695                     

After building and testing I got:

seteuid: Operation not permitted
[...]
seteuid: Operation not permitted
seteuid: Operation not permitted
Segmentation fault         (core dumped) screen -x user/screenid

Independently of your suggestion, we at Aachner Linux User Group found the
following output in strace:

setresuid(1000, 0, 1000)                = 0
setresuid(-1, 1000, -1)                 = 0
setresgid(-1, 0, -1)                    = 0
openat(AT_FDCWD, "/home/hinrikus/.screen",
O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x560263ddfeb0 /* 3 entries */, 32768) = 96
newfstatat(AT_FDCWD, "/home/hinrikus/.screen/608506.pts-8.redacted",
{st_mode=S_IFSOCK|0701, st_size=0, ...}, 0) = 0
socket(AF_UNIX, SOCK_STREAM, 0)         = 4
setresuid(-1, 1000, -1)                 = 0
setresgid(-1, 0, -1)                    = 0
connect(4, {sa_family=AF_UNIX,
sun_path="/home/hinrikus/.screen/608506.pts-8.redacted"}, 48) = 0
setresuid(-1, 0, -1)                    = -1 EPERM (Operation not permitted)
setresuid(-1, 0, -1)                    = -1 EPERM (Operation not permitted)

After this we came up with the following fix on
commit: 464c8d8f945f53f8cbb854517279349e09d74756

diff --git a/src/attacher.c b/src/attacher.c
index f2b60f0..fc171b8 100644
--- a/src/attacher.c
+++ b/src/attacher.c
@@ -121,7 +121,7 @@ int Attach(int how)
                real_uid = multi_uid;
                eff_uid = own_uid;
 #ifdef HAVE_SETRESUID
-               if (setresuid(multi_uid, own_uid, multi_uid))
+               if (setresuid(multi_uid, own_uid, eff_uid))
                        Panic(errno, "setresuid");
 #else
                xseteuid(multi_uid);

This worked for me, as we did not drop the saved root uid.


    _______________________________________________________

Reply to this item at:

  <https://savannah.gnu.org/bugs/?66522>

_______________________________________________
Message sent via Savannah
https://savannah.gnu.org/

Attachment: signature.asc
Description: PGP signature

Reply via email to