[arch-dev-public] Warning: remove /dev/pts from /etc/fstab - glibc-2.18 update

Thomas Bächler thomas at archlinux.org
Thu Aug 15 08:28:21 EDT 2013


Am 15.08.2013 14:06, schrieb Allan McRae:
> Hi all,
> 
> The update to glibc-2.18 removes pt_chown which is a security risk.  It
> is not needed on an Arch system given we have /dev/pts.
> 
> However, some people appear to have /dev/pts in their /etc/fstab file,
> which generates it with the wrong permissions.  This will result in
> errors like "grantpt failed: Operation not permitted".

Thank you for this. Before, it was impossible to use glibc's openpty()
in an environment where your root was mounted nosuid or with
PR_SET_NO_NEW_PRIVS set to 1.

The system call for the new pty would succeed, the permissions on the
pts-device would be correct, too. Then glibc would call pt_chown to fix
the permissions (which were already correct) which would fail due to
insufficient permissions. On top of that, it would output an errno code
that was not documented for openpty(). Took me hours to figure this out
(and replace pt_chown with a symlink to /bin/true to fix it).


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 901 bytes
Desc: OpenPGP digital signature
URL: <http://mailman.archlinux.org/pipermail/arch-dev-public/attachments/20130815/c3931c94/attachment.asc>


More information about the arch-dev-public mailing list