This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: [PATCH] BZ #15755: CVE-2013-2207: pt_chown tricked into granting access to another users pseudo-terminal


On 25 July 2013 19:37, Markus Trippelsdorf <markus@trippelsdorf.de> wrote:
> On 2013.07.19 at 01:55 -0400, Carlos O'Donell wrote:
>> CVE-2013-2207: pt_chown tricked into granting access to another
>> users pseudo-terminal
>
> Just a heads up.
>
> This patch causes Konsole and tmux startup failures on my machine, e.g.:
>  konsole(364)/kdecore (KPty/K3Process) KPty::open: Can't open a pseudo teletype
>
> To fix this issue I had to remount devpts with gid=5:
>  mount -o remount,gid=5 /dev/pts/
>
> My original fstab had this entry:
>  devpts  /dev/pts        devpts      rw,relatime,mode=600   0 0

That's expected.  /dev/pts should always be mounted with gid=5 where 5
is the gid of the tty group.  It's a distribution bug if that was how
it set up the system by default.

Siddhesh
-- 
http://siddhesh.in


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]