mempodippy / vlany

Linux LD_PRELOAD rootkit (x86 and x86_64 architectures)
GNU General Public License v3.0

"screen" is not hidden #2

Open unixfox opened 7 years ago

unixfox commented 7 years ago

When I run the screen command, the owner of the machine (logged in as root) can view the running command inside top/htop and can join the screen session. I have almost the same behavior with tmux, but the tmux running command isn't listed inside the "top"/"htop" command.

Is there a way to completely hide a screen/tmux session, or does a terminal multiplexer program exist that doesn't allow other users to join the session?

mempodippy commented 7 years ago

My assumption is that it would occur since the effective GID of the user is changed when using tmux or screen. "uid=0(root) gid=729911652 egid=43(utmp) groups=43(utmp),0(root)" is the output that 'id' gives when in a screen session. And so, the effective GID of the screen/tmux process != the magic GID. I'll see if there's a solution to this, but as far as I can tell this is outside of vlany's control. I could prevent screen/tmux from changing the effective GID, but that might break some requirements of both terminals. For now, avoid using screen or tmux. I'll see what I can do.
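
The id(1) output quoted above shows the mechanism: screen is installed setgid utmp, so inside a session the real GID is still the magic GID while the effective GID has become 43 (utmp), and a hide check keyed on the effective GID misses the process. The following script is an added example, not code from vlany or from anyone in this thread. It parses the "Gid:" line of /proc/PID/status (real, effective, saved, filesystem GID on Linux) and lists every live process whose real and effective GIDs differ, which is the set of setgid programs such as screen that would slip past an effective-GID check. The sample lines are constructed to match the quoted id(1) output.

```sh
#!/bin/sh
# Added example, not part of vlany: find processes whose effective GID differs
# from their real GID. screen is setgid utmp, so inside a screen session the real
# GID can still be the "magic" GID while the effective GID is 43 (utmp), which is
# what the id(1) output quoted in the thread shows.

# parse_gid_line LINE
#   LINE is the "Gid:" line of /proc/PID/status (real, effective, saved, fs).
#   Prints "REAL EFFECTIVE".
parse_gid_line() {
    printf '%s\n' "$1" | awk '$1 == "Gid:" { print $2, $3 }'
}

# gid_mismatch LINE
#   Succeeds (exit 0) when the real and effective GID differ.
gid_mismatch() {
    set -- $(parse_gid_line "$1")
    [ -n "$1" ] && [ "$1" != "$2" ]
}

# list_setgid_processes
#   Walks /proc (Linux layout assumed) and prints "PID NAME" for every live
#   process whose real and effective GID differ. Unreadable entries are skipped.
list_setgid_processes() {
    for status in /proc/[0-9]*/status; do
        line=$(grep '^Gid:' "$status" 2>/dev/null) || continue
        if gid_mismatch "$line"; then
            pid=${status#/proc/}
            pid=${pid%/status}
            name=$(awk '$1 == "Name:" { print $2 }' "$status")
            printf '%s %s\n' "$pid" "$name"
        fi
    done
}

# Constructed samples shaped like the quoted id(1) output. The first is a screen
# process: real GID 729911652 (the magic GID), effective GID 43 (utmp). The second
# is the backdoor shell itself, where all four GIDs are the magic GID. /proc
# separates the fields with tabs; awk's default splitting handles tabs and spaces.
SAMPLE_SCREEN_GID_LINE="Gid: 729911652 43 43 43"
SAMPLE_SHELL_GID_LINE="Gid: 729911652 729911652 729911652 729911652"

list_setgid_processes
```

Run it as root on the target host and any screen session shows up as a "screen" entry with a GID mismatch, while the shell that started it does not. The same walk over /proc is also what a defender can use to spot a process whose credentials look odd next to its name, so the check is worth knowing from both sides.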

mempodippy commented 7 years ago

Problem fixed. The screen process is now completely hidden from process viewers.

unixfox commented 7 years ago

It's possible to list and enter into a screen created from the vlany shell. Proof: asciicast

mempodippy commented 7 years ago

Alright, so screen is responsible for making FIFOs, which are basically the screen sessions. The call that does this is mkfifo(). I can hook this and make the call automatically hide the new FIFO file with vlany's special extended attribute strings should the current user be the backdoor user. This shouldn't be a problem. But why would anyone kitting a box want to have resumable screen sessions in their backdoor? I'll push a fix tomorrow. 😃

Discard everything I said that has a strike through it. FIFO files can't have extended attributes applied to them. But they can however, like everything else, have group IDs applied. I'll work something out.

unixfox commented 7 years ago

Screen is great for launching processes in the background and being able to interact with them at any time. If you have a better alternative, I'm interested.

unixfox commented 7 years ago

@mempodippy Thank you for trying :) but your modification isn't working:

```
[root@vlany:~/test]$ screen -S test
mkfifo /var/run/screen/S-root/10851.test failed
```

mempodippy commented 7 years ago

I do actually have a mkfifo hook that redirects the fifo file and makes a symlink, but it doesn't work for some reason. It creates the fifo file in a different location and creates the symlink fine, but when trying to hide the link, mkfifo (or screen) throws an error. I'll push what I have right now and I'll add some commentary so that my intentions are somewhat clearer. I think screen might be throwing the error because the new file isn't actually a fifo file. Gimme a sec. Edit: Hook commented and pushed. In the meantime, avoid using multiplexers or anything similar. Their behavior is a nuisance.