This is the mail archive of the glibc-bugs@sourceware.org mailing list for the glibc project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

[Bug libc/19347] New: grantpt: try to force a specific gid even without pt_chown


https://sourceware.org/bugzilla/show_bug.cgi?id=19347

            Bug ID: 19347
           Summary: grantpt: try to force a specific gid even without
                    pt_chown
           Product: glibc
           Version: unspecified
            Status: NEW
          Severity: normal
          Priority: P2
         Component: libc
          Assignee: unassigned at sourceware dot org
          Reporter: aurelien at aurel32 dot net
                CC: drepper.fsp at gmail dot com
  Target Milestone: ---

POSIX specifies that the grantpt() function should change the pty node to
permission mode 0620 and to a specific group, which is tty or 5 on Linux. For
that the glibc implementation try to down a chown with the correct group, but
when it is not correct it is very unlikely to be able to succeed for non-root
user. When the chown fails, the whole grantpt() function fails.

This happens for example with a misconfigured (wrt POSIX) /dev/pts filesystem
where the mount option gid=5 is not present. Unfortunately due to the strange
kernel behavior wrt multiple devpts mount, this can happen more than expected.
It can also be an admin choice to default to 0600 to not allow the tty group a
write access (default to mesg n).

When the GNU libc is built without pt_chown, the creation of the pty node, the
group and the permission mode are delegated to the kernel. The libc should just
trust that and therefore not try to change things, beyond the minimal security.
This would allow the grantpt() to work for almost every devpts configuration,
basically as long as the uid of the pty node matches the one requesting it.

A first patch is available there
https://sourceware.org/ml/libc-alpha/2015-12/msg00107.html

-- 
You are receiving this mail because:
You are on the CC list for the bug.

Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]