[blfs-dev] Glibc-2.18, pt_chown and terminal emulators

Armin K. krejzi at email.com
Mon Aug 19 04:43:05 PDT 2013


On 08/19/2013 09:52 AM, Ragnar Thomsen wrote:
> In glibc 2.18, the pt_chown binary no longer gets installed by default
> due to security reasons. This resulted for me in konsole not working.
> I tracked the issue down to the missing pt_chown binary.
> 
> pt_chown can still be installed by supplying the switch
> --enable-pt_chown to glibc, but as the binary was removed due to
> security reasons, I don't think this is the right approach for B/LFS.
> Instead I found that changing the gid of group tty to 5 fixed konsole
> (the tty group had a gid of 4 on my system). It appears the gid of tty
> needs to be the same as the devpts filesystem is mounted with (which
> is 5 in LFS). This issue may also affect other terminal emulators.
> 
> See this thread:
> http://sourceware-org.1504.n7.nabble.com/PATCH-BZ-15755-CVE-2013-2207-pt-chown-tricked-into-granting-access-to-another-users-pseudo-terminal-td238852.html
> 
> I suggest we add the tty group with gid 5 to the "About System Users
> and Groups" in BLFS and maybe also add a note to the konsole page.
> The command explanation for the "--libexecdir=/usr/lib/glibc" switch
> in glibc in LFS also needs to be changed, since pt_chown is no longer
> installed.
> 
> Sincerely,
> Ragnar
> 

http://www.linuxfromscratch.org/lfs/view/development/chapter06/createfiles.html

tty is gid 5 here and is added in LFS.
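
The condition described in the quoted message (the tty group's gid has to equal the gid= option devpts is mounted with) can be checked with a short script. This is an added example, not part of the original thread; the function names are made up for illustration and the sample mounts and group lines are constructed.

```shell
#!/bin/sh
# Added example: does the tty group's gid match the gid= option of devpts?

# Print the gid= option of the first devpts entry in a mounts-format file.
devpts_gid() {
    awk '$3 == "devpts" {
        n = split($4, opt, ",")
        for (i = 1; i <= n; i++)
            if (opt[i] ~ /^gid=[0-9]+$/) { print substr(opt[i], 5); exit }
        exit
    }' "$1"
}

# Print the numeric gid of group "tty" from a group-format file.
tty_gid() {
    awk -F: '$1 == "tty" { print $3; exit }' "$1"
}

# Return 0 only if both values exist and are equal.
# Defaults read the live system; pass file paths to check samples.
check_tty_gid() {
    m=$(devpts_gid "${1:-/proc/mounts}")
    g=$(tty_gid "${2:-/etc/group}")
    if [ -z "$m" ]; then
        echo "devpts not mounted, or mounted without gid="; return 1
    fi
    if [ -z "$g" ]; then
        echo "no tty group defined"; return 1
    fi
    if [ "$m" != "$g" ]; then
        echo "MISMATCH: devpts gid=$m, tty group gid=$g"; return 1
    fi
    echo "ok: devpts gid=$m matches tty group"
}

# Constructed sample: devpts mounted with gid=5, tty group at gid $1.
sample_check() {
    d=$(mktemp -d) || return 2
    printf 'devpts /dev/pts devpts rw,gid=5,mode=620 0 0\n' > "$d/mounts"
    printf 'root:x:0:\ntty:x:%s:\n' "$1" > "$d/group"
    rc=0
    check_tty_gid "$d/mounts" "$d/group" || rc=$?
    rm -rf "$d"
    return "$rc"
}

sample_check 4 || true   # the situation from the quoted message
sample_check 5           # the LFS layout
```

Call `check_tty_gid` with no arguments to check the running system.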


