Commit Graph

12 Commits

Author SHA1 Message Date
Carlos O'Donell
e4608715e6 CVE-2013-2207, BZ #15755: Disable pt_chown.
The helper binary pt_chown tricked into granting access to another
user's pseudo-terminal.

Pre-conditions for the attack:

 * Attacker with local user account
 * Kernel with FUSE support
 * "user_allow_other" in /etc/fuse.conf
 * Victim with allocated slave in /dev/pts

Using the setuid installed pt_chown and a weak check on whether a file
descriptor is a tty, an attacker could fake a pty check using FUSE and
trick pt_chown to grant ownership of a pty descriptor that the current
user does not own.  It cannot access /dev/pts/ptmx however.

In most modern distributions pt_chown is not needed because devpts
is enabled by default. The fix for this CVE is to disable building
and using pt_chown by default. We still provide a configure option
to enable hte use of pt_chown but distributions do so at their own
risk.
2013-07-21 15:39:55 -04:00
Chris Metcalf
540d7568ae Use <> brackets for not-cancel.h in sysdeps/unix/sysv/linux/grantpt.c. 2012-01-28 11:51:44 -05:00
Ulrich Drepper
0f622686af Avoid local PLTs. 2009-11-24 18:47:26 -08:00
Ulrich Drepper
139ee080b6 Prevent unintended file desriptor leak in grantpt.
The pt_chown program is completely transparently called.  It might
not be able to live with the various file descriptors the program
has open at the time of the call (e.g., under SELinux).  Close all
but the needed descriptor and connect stdin, stdout, and stderr
with /dev/null.  pt_chown shouldn't print anything when called to
do real work.
2009-11-24 18:24:14 -08:00
Ulrich Drepper
b34de9ea81 Fold Linux-specific grantpt code into Unix version. 2009-06-16 07:59:09 -07:00
Ulrich Drepper
292e3abebf Fix permission of slave device on devpts if necessary.
If devptr is misconfigured the slave device permission after grantpt
might not be 0620.  BZ #10166
2009-06-15 22:56:51 -07:00
Ulrich Drepper
739d440d2a Update.
2002-07-19  Ulrich Drepper  <drepper@redhat.com>

	* configure.in: Add test for __thread support in compiler.
	* config.h.in: Add HAVE___THREAD.
	* Makefile (headers): Remove errno.h, sys/errno.h, and bits/errno.h.
	* include/sys/errno.h: Moved to...
	* stdlib/sys/errno.h: ...here.  New file.
	* stdlib/errno.h: New file.  Moved from...
	* include/errno.h: ...here.  Changed into an internal header defining
	libc-local things like __set_errno.
	* stdlib/Makefile (headers): Add errno.h, sys/errno.h, and
	bits/errno.h.
	* elf/dl-minimal.c: Include <tls.h>.  Define errno as thread-local
	variable if USE_TLS && HAVE___THREAD.  Don't define __errno_location
	either.
	* elf/rtld.c (_dl_start): Add code to initialize TLS for ld.so
	from...
	(_dl_start_final): ...here.  Add code to initialize tls elements from
	bootstrap_map.
	* sysdeps/generic/errno-loc.c: Define errno as thread-local variable
	if USE_TLS && HAVE___THREAD.
	* sysdeps/generic/bits/errno.h: Remove __set_errno definition.
	* sysdeps/mach/hurd/bits/errno.h: Likewise.
	* sysdeps/standalone/arm/bits/errno.h: Likewise.
	* sysdeps/standalone/bits/errno.h: Likewise.
	* sysdeps/unix/bsd/bsd4.4/bits/errno.h: Likewise.
	* sysdeps/unix/sysv/aix/bits/errno.h: Likewise.
	* sysdeps/unix/sysv/hpux/bits/errno.h: Likewise.
	* sysdeps/unix/sysv/linux/bits/errno.h: Likewise.
	* sysdeps/unix/sysv/linux/hppa/bits/errno.h: Likewise.
	* sysdeps/unix/sysv/linux/mips/bits/errno.h: Likewise.
	* sysdeps/unix/sysv/sysv4/solaris2/bits/errno.h: Likewise.
	* sysdeps/i386/dl-machine.c (elf_machine_rel) [RTLD_BOOTSTRAP]: Don't
	use GL(dl_rtld_map), use map parameter.
	* sysdeps/sh/dl-machine.h (elf_machine_rela): Likewise.
	* sysdeps/unix/sysv/linux/i386/sysdep.S: Define errno in .tbss if
	USE_TLS && HAVE___THREAD.
	* sysdeps/unix/sysv/linux/i386/sysdep.h: Unify SETUP_PIC_REG
	definitions.  If USE_TLS && HAVE___THREAD store errooor value using
	TLS code sequence.
	* sysdeps/unix/sysv/linux/i386/i686/sysdep.h: Likewise.

	* sysdeps/unix/sysv/linux/getcwd.c: No real need to restore errno.
	* sysdeps/unix/sysv/linux/grantpt.c: Likewise.
	* sysdeps/unix/sysv/linux/internal_statvfs.c: Likewise.
	* sysdeps/unix/sysv/linux/msgctl.c: Likewise.
	* sysdeps/unix/sysv/linux/readv.c: Likewise.
	* sysdeps/unix/sysv/linux/writev.c: Likewise.
2002-07-20 01:14:41 +00:00
Ulrich Drepper
9cddf9deda Update.
2001-12-18  Jakub Jelinek  <jakub@redhat.com>

	* sysdeps/unix/sysv/linux/sparc/sparc64/clone.S (clone): Subtract
	stack bias from child stack pointer before passing it to clone syscall.

2001-12-18  Ulrich Drepper  <drepper@redhat.com>

	* sysdeps/posix/sysconf.c (__sysconf): Respect POSIX minimum for
	_SC_TZNAME_MAX.
	* sysdeps/generic/sysconf.c (__sysconf): Likewise.
	Reported by Thorsten Kukuk <kukuk@suse.de>.

	* sysdeps/unix/grantpt.c (grantpt): Correct typo in comment and
	add some casts.

	* sysdeps/unix/sysv/linux/grantpt.c: Make __unix_grantpt static.

2001-12-18  Thorsten Kukuk  <kukuk@suse.de>

	* sysdeps/unix/sysv/linux/grantpt.c: Make errno results standard
	conforming: return EBADF if file descriptor is invalid and EINVAL
	if file descriptor is no valid tty.
	* login/tst-grantpt.c: New file.
	* login/Makefile (tests): Add tst-grantpt.
2001-12-19 00:21:23 +00:00
Andreas Jaeger
41bdb6e20c Update to LGPL v2.1.
2001-07-06  Paul Eggert  <eggert@twinsun.com>

	* manual/argp.texi: Remove ignored LGPL copyright notice; it's
	not appropriate for documentation anyway.
	* manual/libc-texinfo.sh: "Library General Public License" ->
	"Lesser General Public License".

2001-07-06  Andreas Jaeger  <aj@suse.de>

	* All files under GPL/LGPL version 2: Place under LGPL version
	2.1.
2001-07-06 04:58:11 +00:00
Ulrich Drepper
1503837c6a Update.
1999-11-18  Andreas Jaeger  <aj@suse.de>

	* sysdeps/unix/sysv/linux/linux_fsinfo.h: Sorted entries and added
	comments.

	* sysdeps/unix/sysv/linux/getpt.c: Include linux_fsinfo.h instead
	of defining *_SUPER_MAGIC.
	* sysdeps/unix/sysv/linux/grantpt.c: Likewise.
1999-11-18 16:42:11 +00:00
Ulrich Drepper
9c9f3b1785 Update.
1999-11-09  Andreas Jaeger  <aj@suse.de>

	* sysdeps/unix/sysv/linux/grantpt.c (grantpt): Add support for devfs.

	* sysdeps/unix/sysv/linux/getpt.c (__getpt): Check for devfs.
	Patch by German Jose Gomez Garcia <german@pinon.ccu.uniovi.es>.

	* sysdeps/unix/sysv/linux/linux_fsinfo.h (DEVFS_SUPER_MAGIC): Added.
1999-11-17 20:37:54 +00:00
Ulrich Drepper
9b3c7c3c71 Update.
1998-09-17 19:34  Ulrich Drepper  <drepper@cygnus.com>

	* sysdeps/unix/sysv/sysv4/bits/utsname.h: Fix typo.
	Patch by John Tobey <jtobey@banta-im.com>.

1998-09-17  Mark Kettenis  <kettenis@phys.uva.nl>

	* login/pty-internal.h: Removed.  Moved constants related to the
	`grantpt' helper program protocol to ...
	* login/pty-private.h: ... here.  New file.
	* sysdeps/unix/sysv/linux/ptsname.c (ptsname): Reimplementation
	to make the function work with kernels >= 2.1.115.
	* sysdeps/unix/sysv/linux/getpt.c (getpt): Reimplement to call BSD
	version if using the cloning device fails.
	* sysdeps/unix/sysv/linux/grantpt.c: New file.
	* sysdeps/unix/sysv/linux/unlockpt.c: General cleanup.
	* sysdeps/unix/bsd/getpt.c (__getpt): Largely rewritten to allow
	use by Linux specific code.
	* sysdeps/unix/bsd/unlockpt.c: General cleanup.
	* sysdeps/unix/grantpt.c: Largely rewritten.  (pts_name): New
	function.  (grantpt): Use pts_name, check group and permission
	mode in addition to owner.  Try to set the owner, group and
	permission mode first without invoking the helper program.
	* login/programs/pt_chown.c: Largely rewritten.  Add argp and
	internationalization support.  Use symbolic constants instead of
	hardwired numbers for permission mode.
	* sysdeps/unix/bsd/ptsname.c: New file.

1998-09-17 22:04  Tim Waugh  <tim@cyberelk.demon.co.uk>

	* posix/wordexp-test.c: Undo last change.

	* posix/wordexp.c: Undo last change.
1998-09-17 19:51:33 +00:00