This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: [PATCH] Update pt_chown sections of the manual


On 20 August 2013 17:48, Allan McRae <allan@archlinux.org> wrote:
> The pt-chown binary is discussed in the "Running make install" section
> without clarification of the needed configure option.  Clarify this
> and simplfy the discription which is already covered in the "Configuring
> and compiling" section.  Move details of the source location to below
> the discussion of the security risk imposed by pt-chown.
> ---
>
> 2013-08-20  Allan McRae  <allan@archlinux.org>
>
>         [BZ #15849]
>         * manual/install.text (Running make install): Mention
>         --enable-pt-chown.  Move source details...
>         (Configuring and compiling): ...here.
>
>
>  manual/install.texi | 16 +++++++---------
>  1 file changed, 7 insertions(+), 9 deletions(-)
>
> diff --git a/manual/install.texi b/manual/install.texi
> index 4575d22..b5d41a7 100644
> --- a/manual/install.texi
> +++ b/manual/install.texi
> @@ -175,7 +175,8 @@ pseudo-terminal ownership automatically.  By using
>  @samp{--enable-pt_chown}, you may build @file{pt_chown} and install it
>  setuid and owned by @code{root}.  The use of @file{pt_chown} introduces
>  additional security risks to the system and you should enable it only if
> -you understand and accept those risks.
> +you understand and accept those risks.  The source for @file{pt_chown}
> +is in @file{login/programs/pt_chown.c}.

Why is this needed?  I don't think we include references to internals
source code anywhere in the manual.

>  @item --build=@var{build-system}
>  @itemx --host=@var{host-system}
> @@ -325,14 +326,11 @@ can dramatically improve performance with NIS+, and may help with DNS as
>  well.
>
>  One auxiliary program, @file{/usr/libexec/pt_chown}, is installed setuid
> -@code{root}.  This program is invoked by the @code{grantpt} function; it
> -sets the permissions on a pseudoterminal so it can be used by the
> -calling process.  This means programs like @code{xterm} and
> -@code{screen} do not have to be setuid to get a pty.  (There may be
> -other reasons why they need privileges.)  If you are using a
> -Linux kernel with the @code{devptsfs} or @code{devfs} filesystems
> -providing pty slaves, you don't need this program; otherwise you do.
> -The source for @file{pt_chown} is in @file{login/programs/pt_chown.c}.
> +@code{root} if the @samp{--enable-pt_chown} configuration option is used.
> +This program is invoked by the @code{grantpt} function; it sets the
> +permissions on a pseudoterminal so it can be used by the calling process.
> +If you are using a Linux kernel with the @code{devpts} filesystem enabled
> +and mounted at @file{/dev/pts}, you don't need this program.
>
>  After installation you might want to configure the timezone and locale
>  installation of your system.  @Theglibc{} comes with a locale
> --
> 1.8.3.4
>



-- 
http://siddhesh.in


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]