Possible pt_chown vulnerability
Andreas Jaeger
aj@suse.de
Tue Jan 18 05:38:00 GMT 2000
>>>>> Mark Kettenis writes:
Mark> From: Florian Weimer <Florian.Weimer@rus.uni-stuttgart.de>
Mark> Date: 18 Jan 2000 12:31:46 +0100
Mark> Last summer, the following vulnerability was discussed on BUGTRAQ. It
Mark> never resulted in changes to glibc, and Andreas Jaeger told me that
Mark> you weren't notified.
Mark> Well, Andreas is wrong (although I don't blame him for not
Mark> remembering), and the bug is already fixed. The tricky part is that
Mark> no changes were made to login/programs/pt_chown.c itself. Instead a
Mark> bug in ptsname() was fixed:
Thanks for looking it up.
Mark> 1999-08-25 Mark Kettenis <kettenis@gnu.org>
Mark> * sysdeps/unix/sysv/linux/ptsname.c: Add checks to make sure we're
Mark> really dealing with a master pseudo terminal, and really returning
Mark> the name of the associated slave pseudo terminal by checking the
Mark> device number.
Mark> I believe this fix was already in glibc-2.1.2, but I'm not entirely
Mark> sure.
I've just checked it: The patch is in glibc 2.1.2.
Andreas
--
Andreas Jaeger
SuSE Labs aj@suse.de
private aj@arthur.rhein-neckar.de