This is the mail archive of the
libc-alpha@sourceware.cygnus.com
mailing list for the glibc project.
Re: [Michal Zalewski <lcamtuf@IDS.PL>] [Linux] glibc 2.1.x / wu-ftpd <=2.5 / BeroFTPD / lynx / vlock / mc / glibc 2.0.x
From: Andreas Schwab <schwab@suse.de>
Date: 25 Aug 1999 15:10:04 +0200
Mark Kettenis <kettenis@wins.uva.nl> writes:
|> From: Andreas Schwab <schwab@suse.de>
|> Date: 25 Aug 1999 11:33:24 +0200
|>
|> Ulrich Drepper <drepper@cygnus.com> writes:
|>
|> |> Andreas Jaeger <aj@arthur.rhein-neckar.de> writes:
|> |>
|> |> > I found this on BugTray. Michal describes an exploit based on
|> |> > pt_chown. Could anybody check this, please?
|> |>
|> |> Already fixed. The glibc 2.1 one, I mean.
|>
|> ??? I cannot see any changes in the 2.1 branch, and what you checked in
|> into the main branch makes pt_chown completely useless.
|>
|> What do you mean Andreas? The fact that unix98_pseudo_p is passed the
|> total device number wheras the actually implementation is designed to
|> get only the device major? Or are you referring to the fact that
|> unix98_pseudo_p doesn't check for BSD-style pseudo terminals?
|> IMHO this check shouldn't be necessary.
Clarification: I intended to say that the pseudo terminal check
(eithot for Unix98-style or BSD-style) doesn't belong in pt_chown at
all, but should be done in ptsname.
Think about it: pt_chown is used *only* for BSD ptys. Unix98 ptys change
their owners automagically, and don't need pt_chown at all.
That's not exactly true. Unix98 ptys only change their owners
automagically if devpts is used. There is nothing that prevents one
from not using devpts and creating the /dev/pts/# nodes in the
traditional way.
Mark