[prev in list] [next in list] [prev in thread] [next in thread] 

List:       oss-security
Subject:    Re: [oss-security] Access to /dev/pts devices via pt_chown and user namespaces
From:       Jakub Wilk <jwilk () debian ! org>
Date:       2016-02-27 17:34:20
Message-ID: 20160227173409.GA3663 () jwilk ! net
[Download RAW message or body]

* Simon McVittie <smcv@debian.org>, 2016-02-24, 07:01:
>>>Just for the record, pt_chown is not enabled by default in upstream 
>>>glibc starting with glibc-2.18, one has to specify --enable-pt_chown 
>>>configure option explicitly to build pt_chown.
>>
>>Thanks for that information. So for pt_chown, this could hopefully be 
>>just an Ubuntu issue.
>
>And Debian 8 (but not the future Debian 9, at least on Linux kernels), 
>and probably other distributions where backward compat was a concern.
>
><https://bugs.debian.org/717544> has some interesting background. The 
>Debian and Ubuntu glibc maintainers tried turning off pt_chown in 2014, 
>but had to turn it back on because it caused too many regressions: in 
>particular "mount -t devpts devpts-foo chroot-foo/dev/pts" apparently 
>alters the mount options for the "real" /dev/pts, not just the one 
>being mounted in the chroot (presumably losing the noexec,nosuid,gid=5 
>and mode=620 or mode=600 options that are expected in Debian). I don't 
>know whether the default mount options were subsequently altered in 
>util-linux and/or the kernel as suggested on that bug, or whether 
>manually mounting devpts is just not going to be a supported action in 
>Debian 9.

grantpt() was fixed so that it works even when /dev/pts mount options 
are "wrong":
https://sourceware.org/ml/libc-alpha/2015-12/msg00151.html

This is going to be backported to Debian 8 (jessie):
https://bugs.debian.org/816023

-- 
Jakub Wilk
[prev in list] [next in list] [prev in thread] [next in thread]