• Bug#1100699: screen: hardcopy and screen-exchange are insecure by defau

    From Richard Lewis@21:1/5 to anarcat@debian.org on Sat Apr 5 13:40:01 2025
    On Fri, 28 Mar 2025 14:59:50 -0400 =?utf-8?Q?Antoine_Beaupr=C3=A9?= <anarcat@debian.org> wrote:
    On 2025-03-17 15:48:56, Vincent Lefevre wrote:

    + possible data loss via a symlink attack
    The screen-exchange feature (">" in copy mode) is also insecure:

    Is it worth keeping screen in Debian at all?

    i switched to tmux many years ago, but i think you should give users a
    lot of warning before removing screen (NEWS.Debian in screen,
    release-notes and then remove a future stable release etc?).

    i believe screen does have some features not in tmux at all, so you
    should expect that removing it will cause complaints, and maybe failed
    upgrades for anyone doing dist-upgrade inside screen.

    Debian's own release-notes recommend using screen for upgrades (and
    adding tmux is still an MR -- there was quite a bit of scepticism that
    tmux was stable enough to always replace it).

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)