[arch-dev-public] Warning: remove /dev/pts from /etc/fstab - glibc-2.18 update
Hi all,
The update to glibc-2.18 removes pt_chown which is a security risk. It is not needed on an Arch system given we have /dev/pts.
However, some people appear to have /dev/pts in their /etc/fstab file, which generates it with the wrong permissions. This will result in errors like "grantpt failed: Operation not permitted".
To fix this, remove that line from your fstab file. systemd will take care of generating /dev/pts with the right permissions.
Allan
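A check for the leftover fstab entry described in the message above, added here as an example; it is not part of the original thread. The function names and the sample fstab are constructed, and the gid=5,mode=620 options are an assumption based on what systemd passes when it mounts devpts, since the post does not state the values.

```shell
#!/bin/sh
# Added example, not from the thread: audit an fstab for /dev/pts entries.

# awk condition: an active (non-comment, non-blank) entry that mounts devpts.
MATCH='!/^[ \t]*(#|$)/ && ($2 == "/dev/pts" || $3 == "devpts")'

# Print "LINENO: entry" for each matching line of the fstab given as $1.
find_devpts_entries() {
    awk "$MATCH"' { print NR ": " $0 }' "$1"
}

# Emit a copy of the fstab with those entries commented out (input untouched).
comment_out_devpts() {
    awk "$MATCH"' { print "#" $0; next } { print }' "$1"
}

# Return 0 if the mounts table $1 (/proc/mounts format) has devpts on /dev/pts
# with gid=5 and mode=620. Assumption: these are systemd's devpts options.
devpts_mount_ok() {
    awk '$2 == "/dev/pts" && $3 == "devpts" {
        n = split($4, o, ","); g = m = 0
        for (i = 1; i <= n; i++) { if (o[i] == "gid=5") g = 1; if (o[i] == "mode=620") m = 1 }
        if (g && m) ok = 1
    } END { exit !ok }' "$1"
}

# Constructed sample fstab: line 3 is the legacy entry the post warns about.
sample_fstab() {
    cat <<'EOF'
# <fs>     <dir>     <type>  <opts>       <dump> <pass>
/dev/sda1  /         ext4    rw,relatime  0 1
devpts     /dev/pts  devpts  defaults     0 0
#devpts    /dev/pts  devpts  defaults     0 0
EOF
}

# Demo on the sample; on a real system pass /etc/fstab and /proc/mounts.
tmp=$(mktemp) && sample_fstab > "$tmp"
find_devpts_entries "$tmp"
comment_out_devpts "$tmp"
rm -f "$tmp"
```

Review the output of comment_out_devpts before replacing /etc/fstab with it; the function only writes to stdout.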
On 15.08.2013 14:06, Allan McRae wrote:
Hi all,
The update to glibc-2.18 removes pt_chown which is a security risk. It is not needed on an Arch system given we have /dev/pts.
However, some people appear to have /dev/pts in their /etc/fstab file, which generates it with the wrong permissions. This will result in errors like "grantpt failed: Operation not permitted".
Thank you for this. Before, it was impossible to use glibc's openpty() in an environment where your root was mounted nosuid or with PR_SET_NO_NEW_PRIVS set to 1. The system call for the new pty would succeed, the permissions on the pts-device would be correct, too. Then glibc would call pt_chown to fix the permissions (which were already correct) which would fail due to insufficient permissions. On top of that, it would output an errno code that was not documented for openpty(). Took me hours to figure this out (and replace pt_chown with a symlink to /bin/true to fix it).
On Thu, 15 Aug 2013, Allan McRae wrote:
The update to glibc-2.18 removes pt_chown which is a security risk. It is not needed on an Arch system given we have /dev/pts.
However, some people appear to have /dev/pts in their /etc/fstab file, which generates it with the wrong permissions. This will result in errors like "grantpt failed: Operation not permitted".
To fix this, remove that line from your fstab file. systemd will take care of generating /dev/pts with the right permissions.
Just a suggestion, but I think this might be worth a news item. I got stung by this this morning, and couldn't log in (as my regular user, which automatically spawns tmux on login). It wasn't at all obvious what the problem/solution was. Just guessing that users might be caught by this who don't follow arch-dev-public.
Thanks,
Pete.
participants (3)
- Allan McRae
- Peter Lewis
- Thomas Bächler