This is the mail archive of the libc-alpha@sourceware.cygnus.com mailing list for the glibc project.



Re: Possible pt_chown vulnerability


   From: Florian Weimer <Florian.Weimer@rus.uni-stuttgart.de> 
   Date: 18 Jan 2000 12:31:46 +0100 

   Last summer, the following vulnerability was discussed on BUGTRAQ.  It
   never resulted in changes to glibc, and Andreas Jaeger told me that
   you weren't notified.

Well, Andreas is wrong (although I don't blame him for not
remembering), and the bug is already fixed.  The tricky part is that
no changes were made to login/programs/pt_chown.c itself.  Instead a
bug in ptsname() was fixed:

   1999-08-25  Mark Kettenis  <kettenis@gnu.org>

	   * sysdeps/unix/sysv/linux/ptsname.c: Add checks to make sure we're
	   really dealing with a master pseudo terminal, and really returning
	   the name of the associated slave pseudo terminal by checking the
	   device number.

I believe this fix was already in glibc-2.1.2, but I'm not entirely
sure.

Mark
