Join GitHub today
GitHub is home to over 28 million developers working together to host and review code, manage projects, and build software together.Sign up
Validate suid-bit removal from /bin/screen #5
Actually screen is using an SGID bit, at least in recent ubuntu versions by default. As it stands, it is owned by root:utmp, so with -rwxr-sr-x that means that exploits hit the group, i.e. utmp.
Since the whole screen case only happens when the user actually has it installed on his system, we should whitelist SGID bits to allow for multi-user-mode as designed. Screen has been know to have security issues in the past, so installing it will remain a questionable choice. But the impact is reduced considerably from the SUID-root case I feared.
Make adjustments to hardening.