Possible pt_chown vulnerability
Mark Kettenis
kettenis@wins.uva.nl
Tue Jan 18 05:33:00 GMT 2000
From: Florian Weimer <Florian.Weimer@rus.uni-stuttgart.de>
Date: 18 Jan 2000 12:31:46 +0100
Last summer, the following vulnerability was discussed on BUGTRAQ. It
never resulted in changes to glibc, and Andreas Jaeger told me that
you weren't notified.
Well, Andreas is wrong (although I don't blame him for not
remembering), and the bug is already fixed. The tricky part is that
no changes were made to login/programs/pt_chown.c itself. Instead a
bug in ptsname() was fixed:
1999-08-25 Mark Kettenis <kettenis@gnu.org>
* sysdeps/unix/sysv/linux/ptsname.c: Add checks to make sure we're
really dealing with a master pseudo terminal, and really returning
the name of the associated slave pseudo terminal by checking the
device number.
I belive this fix was already in glibc-2.1.2, but I'm not entirely
sure.
Mark
More information about the Libc-alpha
mailing list