From 60683a7bd52258b3f5e7e6681fac62dd7c88763b Mon Sep 17 00:00:00 2001 From: Cy Schubert Date: Tue, 29 Mar 2022 08:35:38 -0700 Subject: UPDATING: Chase sysutils/screen-4.9.0_3 Describe user impact as a result of sysutils/screen-4.9.0_3 which removes setuid root by default, disabling multiuser feature. The option is appropriately called MULTUSER. Users may enable the multiuser feature in three ways, as discsussed by the update to UPDATING. PR: 262903 Reported by: david@isnic.is --- UPDATING | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) diff --git a/UPDATING b/UPDATING index a082d4b0447f..96f53b6a6761 100644 --- a/UPDATING +++ b/UPDATING @@ -5,6 +5,25 @@ they are unavoidable. You should get into the habit of checking this file for changes each time you update your ports collection, before attempting any port upgrades. +20220329: + AFFECTS: users of sysutils/screen + AUTHOR: cy@FreeBSD.org + + As of sysutils/screen-4.9.0_3, the multiuser feature is not supported + by default. The multiuser feature requires setuid root to function. + This creates a security risk. Some Linux distributions have had + non-setuuid root screen for a dozen or more years. FreeBSD is following + suit. A new MULTIUSER option has been added to enable users to install + setuid root screen. The MULTIUSER option default is OFF. + + Users who wish to use the multiuser feature may, + + - Build screen using the MULTIUSER option, or + - Poudriere users can use poudriere-options to enable the MULTIUSER + option, or + - Users can chmod the setuid bit for ${LOCALBASE}/bin/screen-4.9.0, + making screen setuid root to enable the multiuser feature. + 20220326: AFFECTS: users of misc/freebsd-doc-* AUTHOR: blackend@FreeBSD.org -- cgit v1.2.3