[dooglius]

No, tmux uses unix domain sockets. I have no idea why screen chose to take the setuid approach instead here; it seems totally unnecessary to have root privileges.

EDIT: Further down, TFA gives a plausible explanation: the current screen devs are not fully familiar with the code base. If so, the setuid-root approach was probably the easiest way to make the feature work in lieu of such familiarity.

[JdeBP]

screen has a lot of architectural baggage that can be traced back to its initial 1987 comp.sources.unix/mod.sources versions in some cases. Being set-UID to the superuser is one of them. See the doco for screen as it was posted in volume 10:

https://sources.vsta.org/comp.sources.unix/volume10/screen/

[Henchman21]

I guessed something similar. Screen is from an era where setuid was pretty common!

[chasil]

In the EPEL versions of screen, I am seeing the setgid bit set only. I am guessing that later versions setuid to root?

  $ ll /usr/bin/screen
  -rwxr-sr-x. 1 root screen 495816 Feb  3  2022 /usr/bin/screen

  $ rpm -q screen
  screen-4.8.0-6.el9.x86_64

Edit: Yes, Screen 5.0.0.

CVE-2025-46802 can impact earlier releases, but all the other vulnerabilities are for the latest.

[gertrunde]

The original writeup by the OpenSUSE security team laid this out better:

https://security.opensuse.org/2025/05/12/screen-security-iss...

Different distros built it in different ways, affecting level of vulnerability to the different issues.

[account42]

This "explanation" only makes it sound worse - why would you even consider setuid if you do not completely understand ever detail of the code base.

[fzzzy]

screen has used setuid root for multiuser for at least 20 years. Used to use it in multiuser for remote pair programming.

[icedchai]

I remember installing screen on a SunOS box back in the early 90's. It's been around a longggg time.

[fullstop]

I guess I'm glad that I switched to tmux ages ago.