Date: Tue, 29 Mar 2022 15:43:16 GMT
From: Cy Schubert
To: ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-main@FreeBSD.org
Subject: git: 8f528507e9ca - main - sysutils/screen: Disable multiuser mode by default
List-Id: Commits to the main branch of the FreeBSD ports repository
List-Archive: https://lists.freebsd.org/archives/dev-commits-ports-main

The branch main has been updated by cy:

URL:
https://cgit.FreeBSD.org/ports/commit/?id=8f528507e9ca0e4f9020269ac69fc7d87249417d

commit 8f528507e9ca0e4f9020269ac69fc7d87249417d
Author:     Cy Schubert
AuthorDate: 2022-03-29 15:02:19 +0000
Commit:     Cy Schubert
CommitDate: 2022-03-29 15:39:28 +0000

    sysutils/screen: Disable multiuser mode by default

    Multiuser mode is a handy way to share a screen among people who do
    not reside in the same location. Unfortunately it requires that screen
    be setuid root. GNU screen has had a number of CVEs over the years. See
    https://www.cvedetails.com/vulnerability-list/vendor_id-72/\
    product_id-1860/GNU-Screen.html. Removing the setuid bit mitigates
    this at the expense of breaking the multiuser feature.

    Red Hat removed GNU screen's setuid bit over a dozen years ago. Their
    rationale is documented in their bugzilla bug 580339, where they stated
    that most users don't use the multiuser feature. (Personally, I'm the
    only person I know of who uses that feature.)

    Users who use the multiuser feature should enable the MULTIUSER option
    prior to building screen or using poudriere-options. Alternatively,
    users can chmod the setuid bit on when needed.

    PR:             262903
    Submitted by:   david@isnic.is (mostly)
    Reported by:    david@isnic.is

--- sysutils/screen/Makefile | 7 +++++-- sysutils/screen/pkg-plist | 2 +- 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/sysutils/screen/Makefile b/sysutils/screen/Makefile index 8929ce4e5ef7..664bc585e091 100644 --- a/sysutils/screen/Makefile +++ b/sysutils/screen/Makefile @@ -2,7 +2,7 @@ PORTNAME= screen PORTVERSION= 4.9.0 -PORTREVISION= 2 +PORTREVISION= 3 CATEGORIES= sysutils MASTER_SITES= GNU \ ftp://ftp.gnu.org/gnu/screen/ \ @@ -18,7 +18,7 @@ COMMENT= Multi-screen window manager LICENSE= GPLv3 -OPTIONS_DEFINE= INFO NETHACK XTERM_256 SYSTEM_SCREENRC +OPTIONS_DEFINE= INFO NETHACK XTERM_256 SYSTEM_SCREENRC MULTIUSER OPTIONS_DEFAULT= INFO NETHACK XTERM_256 SOCKETS SYSTEM_SCREENRC \ NCURSES_DEFAULT OPTIONS_SINGLE= IPC NCURSES 
@@ -29,6 +29,9 @@ XTERM_256_DESC= Enable support for 256 colour xterm SOCKETS_DESC= Use new (4.2.1+) sockets for IPC (default) NAMED_PIPES_DESC= Use legacy (4.0.3) named pipes for IPC (override) SYSTEM_SCREENRC_DESC= Install system screenrc with helpful status line +MULTIUSER_DESC= Install setuid-root screen to support multiuser +MULTIUSER_PLIST_SUB= MULTIUSER_SCREEN="@(,,4755) " +MULTUSER_PLIST_SUB_OFF= MULTIUSER_SCREEN="@(,,0755) " NCURSES_DEFAULT_DESC= Depend on ncurses (ports if installed, otherwise base) NCURSES_BASE_DESC= Depend on ncurses in base NCURSES_PORT_DESC= Depend on devel/ncurses in ports diff --git a/sysutils/screen/pkg-plist b/sysutils/screen/pkg-plist index faddf89b1799..e1afe2d637e4 100644 --- a/sysutils/screen/pkg-plist +++ b/sysutils/screen/pkg-plist @@ -1,5 +1,5 @@ bin/screen -bin/screen-4.9.0 +%%MULTIUSER_SCREEN%%bin/screen-4.9.0 man/man1/screen.1.gz %%DATADIR%%/utf8encodings/01 %%DATADIR%%/utf8encodings/02
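
Review bot: Missing documentation for the default change in the Makefile hunk at @@ -18,7 +18,7 @@: MULTIUSER is added to OPTIONS_DEFINE but not to OPTIONS_DEFAULT, so anyone who upgrades gets a non-setuid screen and loses multiuser sessions, yet the diffstat shows only Makefile and pkg-plist being touched. Consider adding a pkg-message or an UPDATING entry that tells existing multiuser users to enable the MULTIUSER option, since the commit message is the only place this is currently explained.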
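
Review bot: The third added line in the Makefile hunk at @@ -29,6 +29,9 @@ is spelled MULTUSER_PLIST_SUB_OFF (missing the "I"), so it is not tied to the MULTIUSER option and the off-case substitution is never set. With the option off, which is the new default, MULTIUSER_SCREEN stays undefined and the %%MULTIUSER_SCREEN%% prefix added in pkg-plist is not replaced by "@(,,0755) ", which is exactly the case this commit is meant to harden. Rename the variable to MULTIUSER_PLIST_SUB_OFF and check the installed mode of bin/screen-4.9.0 with the option both on and off.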
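
Review bot: In the pkg-plist hunk only bin/screen-4.9.0 gets the %%MULTIUSER_SCREEN%% mode prefix, while the bin/screen entry on the line above is left without an explicit mode. Please confirm that bin/screen is a link to the versioned binary so that it can never end up as a separate file with a different mode; if it is a separate file, it needs the same prefix.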