author | Cy Schubert <cy@FreeBSD.org> | 2022-03-29 15:02:19 +0000 |
---|---|---|
committer | Cy Schubert <cy@FreeBSD.org> | 2022-03-29 15:39:28 +0000 |
commit | 8f528507e9ca0e4f9020269ac69fc7d87249417d (patch) | |
tree | 524ffb1ff0e72e52106ae288ca5b5f2a9f8d7d8d | |
parent | d2ff6b8811b61b3ca2337525d0ed4a60ba29a1dc (diff) | |
sysutils/screen: Disable multiuser mode by default

Multiuser mode is a handy way to share a screen among people who do
not reside in the same location. Unfortunately it requires that screen
be setuid root. GNU screen has had a number of CVEs over the years.
See https://www.cvedetails.com/vulnerability-list/vendor_id-72/\
product_id-1860/GNU-Screen.html. Removing the setuid bit mitigates this
at the expense of breaking the multiuser feature.

Red Hat removed GNU screen's setuid bit over a dozen years ago. Their
rationale is documented in their bugzilla bug 580339, where they stated
that most users don't use the multiuser feature. (Personally, I'm the only
person I know of who uses that feature.)

Users who use the multiuser feature should enable the MULTIUSER option
prior to building screen or using poudriere-options. Alternatively, users
can chmod the setuid bit on when needed.

PR: 262903
Submitted by: david@isnic.is (mostly)
Reported by: david@isnic.is

-rw-r--r-- | sysutils/screen/Makefile | 7 | ||||
-rw-r--r-- | sysutils/screen/pkg-plist | 2 |
2 files changed, 6 insertions, 3 deletions
diff --git a/sysutils/screen/Makefile b/sysutils/screen/Makefile index 8929ce4e5ef7..664bc585e091 100644 --- a/sysutils/screen/Makefile +++ b/sysutils/screen/Makefile @@ -2,7 +2,7 @@ PORTNAME= screen PORTVERSION= 4.9.0 -PORTREVISION= 2 +PORTREVISION= 3 CATEGORIES= sysutils MASTER_SITES= GNU \ ftp://ftp.gnu.org/gnu/screen/ \ @@ -18,7 +18,7 @@ COMMENT= Multi-screen window manager LICENSE= GPLv3 -OPTIONS_DEFINE= INFO NETHACK XTERM_256 SYSTEM_SCREENRC +OPTIONS_DEFINE= INFO NETHACK XTERM_256 SYSTEM_SCREENRC MULTIUSER OPTIONS_DEFAULT= INFO NETHACK XTERM_256 SOCKETS SYSTEM_SCREENRC \ NCURSES_DEFAULT OPTIONS_SINGLE= IPC NCURSES @@ -29,6 +29,9 @@ XTERM_256_DESC= Enable support for 256 colour xterm SOCKETS_DESC= Use new (4.2.1+) sockets for IPC (default) NAMED_PIPES_DESC= Use legacy (4.0.3) named pipes for IPC (override) SYSTEM_SCREENRC_DESC= Install system screenrc with helpful status line +MULTIUSER_DESC= Install setuid-root screen to support multiuser +MULTIUSER_PLIST_SUB= MULTIUSER_SCREEN="@(,,4755) " +MULTUSER_PLIST_SUB_OFF= MULTIUSER_SCREEN="@(,,0755) " NCURSES_DEFAULT_DESC= Depend on ncurses (ports if installed, otherwise base) NCURSES_BASE_DESC= Depend on ncurses in base NCURSES_PORT_DESC= Depend on devel/ncurses in ports diff --git a/sysutils/screen/pkg-plist b/sysutils/screen/pkg-plist index faddf89b1799..e1afe2d637e4 100644 --- a/sysutils/screen/pkg-plist +++ b/sysutils/screen/pkg-plist @@ -1,5 +1,5 @@ bin/screen -bin/screen-4.9.0 +%%MULTIUSER_SCREEN%%bin/screen-4.9.0 man/man1/screen.1.gz %%DATADIR%%/utf8encodings/01 %%DATADIR%%/utf8encodings/02 |
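Review bot: The OPTIONS_DEFINE hunk adds MULTIUSER without adding it to OPTIONS_DEFAULT, so existing installs lose the setuid bit on upgrade, yet the diffstat shows only Makefile and pkg-plist touched and nothing in the package tells the user why multiuser sessions stopped working. Consider adding a pkg-message (or an UPDATING entry) that names the MULTIUSER option and the chmod alternative described in the commit message.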
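Review bot: In the third Makefile hunk the off-case variable is spelled `MULTUSER_PLIST_SUB_OFF` (missing the I), so it does not belong to the `MULTIUSER` option and the `@(,,0755) ` substitution will not be applied when the option is off. Because MULTIUSER is not in OPTIONS_DEFAULT, that is the default build, and `%%MULTIUSER_SCREEN%%` in pkg-plist is left without a value there. Rename the line to `MULTIUSER_PLIST_SUB_OFF= MULTIUSER_SCREEN="@(,,0755) "` and check the resulting mode in a staged build with the option both on and off.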
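Review bot: In the pkg-plist hunk only `bin/screen-4.9.0` gets the `%%MULTIUSER_SCREEN%%` mode keyword, while `bin/screen` on the line above stays unqualified. The pre-change plist carried no mode keyword at all, so the setuid bit was evidently being set during the install step. If `bin/screen` is a link to the versioned binary this is fine, but please confirm from a staged package that neither path is setuid when MULTIUSER is off, and state in a comment or the commit message how `bin/screen` relates to `bin/screen-4.9.0`.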