[blfs-dev] Glibc-2.18, pt_chown and terminal emulators

Ragnar Thomsen rthomsen6 at gmail.com
Mon Aug 19 00:52:59 PDT 2013


In glibc 2.18, the pt_chown binary no longer gets installed by default
due to security reasons. This resulted for me in konsole not working.
I tracked the issue down to the missing pt_chown binary.

pt_chown can still be installed by supplying the switch
--enable-pt_chown to glibc, but as the binary was removed due to
security reasons, I don't think this is the right approach for B/LFS.
Instead I found that changing the gid of group tty to 5 fixed konsole
(the tty group had a gid of 4 on my system). It appears the gid of tty
needs to be the same as the devpts filesystem is mounted with (which
is 5 in LFS). This issue may also affect other terminal emulators.

See this thread:
http://sourceware-org.1504.n7.nabble.com/PATCH-BZ-15755-CVE-2013-2207-pt-chown-tricked-into-granting-access-to-another-users-pseudo-terminal-td238852.html

I suggest we add the tty group with gid 5 to the "About System Users
and Groups" in BLFS and maybe also add a note to the konsole page.
The command explanation for the  "--libexecdir=/usr/lib/glibc" switch
in glibc in LFS also needs to be changed, since pt_chown is no longer
installed.

Sincerely,
Ragnar



More information about the blfs-dev mailing list