screen: Update version to 4.9.1 #3240
Conversation
Update screen to 4.9.1. More importantly, don't install screen as setuid-root. this is only required for Multiuser Sessions, which are probably not used in our environment. Screen has a lot of setuid-root related security problems. [1] Do not update to 5.0.0 yet. [1]: https://www.openwall.com/lists/oss-security/2025/05/12/1
|
It’s a little confusing as you reference the email regarding the security issues, but 4.9.1 does not contain anything about this as it’s from 2023. So only the setuid-root relates to the oss-security posting. |
|
The point of the PR is "Remove setuid-root from screen". The update (to latest 4.9) is just by the way. How can this be expressed more clearly? From the referenced document:
And I agree with that. We've had a root exploit with screen ourself before and were not happy with how it was handled [1]. I wasn't aware that setuid-root is only needed for a feature, which might be unused in our environment. So removing setuid-root is the way to go. [1] https://lists.gnu.org/archive/html/screen-devel/2017-03/msg00001.html |
Remove setuid-root from screen and update to 4.9.1.
Requires mariux64/mxtools#463
Update screen to 4.9.1.
See https://www.openwall.com/lists/oss-security/2025/05/12/1