I am looking into upgrading GNU screen following CVE-2021-26937. My question is simple: can I upgrade GNU screen without restarting my current screen, e.g., by a kind of in-place upgrade mechanism where the new version of screen would take over the file descriptors from a screen launched with the old version or something like that? Or do I need to restart my screen session when upgrading?
Asked
Active
Viewed 125 times
1 Answers
0
Probably not. Code updates will not be reflected in running processes. Not merely a matter of open file descriptors. I suspect a restart of screen is needed, but test that yourself.
Assess your risk and options. When is your next reboot for other reasons, like for libc or kernel updates? Probably just a few weeks. Is the advisory denial of service, or are there known code exec? Do you run monitoring or user type things, or are you running daemon processes in screen? If the latter, consider migrating to a background service manager like systemd or supervisord.
John Mahowald
- 32,050
- 2
- 19
- 34