"screen" is not hidden

[unixfox]

When I run the screen command, the owner of the machine (logged as root) can view the running command inside top/htop and can join the screen session.
I've the almost same behavior with tmux but the tmux running command isn't listed inside the "top"/"htop" command.

Is there a way to hide completely a screen/tmux session or does exist a multiplexer terminal program that doesn't allow other users to join the session?

[mempodippy]

My assumption is that it would occur since the effective GID of the user is changed when using tmux or screen.
"uid=0(root) gid=729911652 egid=43(utmp) groups=43(utmp),0(root)" is the output that 'id' gives when in a screen session. And so, the effective GID of the screen/tmux process != the magic GID.
I'll see if there's a solution to this, but as far as I can tell this is outside of vlany's control.
I could prevent screen/tmux from changing the effective GID, but that might break some requirements of both terminals.
For now, avoid using screen or tmux. I'll see what I can do.

[mempodippy]

Problem fixed. The screen process is now completely hidden from process viewers.

[unixfox]

It's possible to list and enter into a screen created from the vlany shell.
Proof:

[mempodippy]

Alright, so screen is responsible for making FIFOs, which are basically the screen sessions. The call that does this is mkfifo(). I can hook this and make the call automatically hide the new FIFO file with vlany's special extended attribute strings should the current user be the backdoor user. This shouldn't be a problem. But why would anyone kitting a box want to have resumable screen sessions in their backdoor?
I'll push a fix tomorrow. 😃

Discard everything I said that has a strike through it. FIFO files can't have extended attributes applied to them. But they can however, like everything else, have group IDs applied. I'll work something out.

[unixfox]

Screen is great for launching process in the background and being able to interact with it any time.
If you've a better alternative I'm interested.

[unixfox]

@mempodippy Thank you for trying :) but your modification isn't working:

[root@vlany:~/test]$ screen -S test
mkfifo /var/run/screen/S-root/10851.test failed

[mempodippy]

I do actually have a mkfifo hook that redirects the fifo file and makes a symlink, but it doesn't work for some reason. It creates the fifo file in a different location and creates the symlink fine, but when trying to hide the link, mkfifo (or screen) throws an error. I'll push what I have right now and I'll add some commentary so that my intentions are somewhat clearer.
I think screen might be throwing the error because the new file isn't actually a fifo file.
Gimme a sec.
Edit: Hook commented and pushed. In the meantime, avoid using multiplexers or anything similar. Their behavior is a nuisance.