oss-sec mailing list archives
Re: Access to /dev/pts devices via pt_chown and user namespaces
From: Simon McVittie <smcv () debian org>
Date: Wed, 24 Feb 2016 07:01:11 +0000
On Wed, 24 Feb 2016 at 05:43:04 +0000, halfdog wrote:
Dmitry V. Levin wrote:Just for the record, pt_chown is not enabled by default in upstream glibc starting with glibc-2.18, one has to specify --enable-pt_chown configure option explicitly to build pt_chown.Thanks for that information. So for pt_chown, this could hopefully be just an Ubuntu issue.
And Debian 8 (but not the future Debian 9, at least on Linux kernels), and probably other distributions where backward compat was a concern. <https://bugs.debian.org/717544> has some interesting background. The Debian and Ubuntu glibc maintainers tried turning off pt_chown in 2014, but had to turn it back on because it caused too many regressions: in particular "mount -t devpts devpts-foo chroot-foo/dev/pts" apparently alters the mount options for the "real" /dev/pts, not just the one being mounted in the chroot (presumably losing the noexec,nosuid,gid=5 and mode=620 or mode=600 options that are expected in Debian). I don't know whether the default mount options were subsequently altered in util-linux and/or the kernel as suggested on that bug, or whether manually mounting devpts is just not going to be a supported action in Debian 9. S
Current thread:
- Access to /dev/pts devices via pt_chown and user namespaces halfdog (Feb 23)
- Re: Access to /dev/pts devices via pt_chown and user namespaces Solar Designer (Feb 23)
- Re: Access to /dev/pts devices via pt_chown and user namespaces Dmitry V. Levin (Feb 23)
- Re: Access to /dev/pts devices via pt_chown and user namespaces halfdog (Feb 23)
- Re: Access to /dev/pts devices via pt_chown and user namespaces Simon McVittie (Feb 23)
- Re: Access to /dev/pts devices via pt_chown and user namespaces Dmitry V. Levin (Feb 24)
- Re: Access to /dev/pts devices via pt_chown and user namespaces Serge Hallyn (Feb 24)
- Re: Access to /dev/pts devices via pt_chown and user namespaces Jakub Wilk (Feb 27)
- Re: Access to /dev/pts devices via pt_chown and user namespaces Dmitry V. Levin (Feb 23)
- Re: Access to /dev/pts devices via pt_chown and user namespaces Solar Designer (Feb 23)
- Re: Access to /dev/pts devices via pt_chown and user namespaces Alan Coopersmith (Feb 23)