CVE-2013-2207, BZ #15755: Disable pt_chown.

The helper binary pt_chown tricked into granting access to another user's pseudo-terminal. Pre-conditions for the attack: * Attacker with local user account * Kernel with FUSE support * "user_allow_other" in /etc/fuse.conf * Victim with allocated slave in /dev/pts Using the setuid installed pt_chown and a weak check on whether a file descriptor is a tty, an attacker could fake a pty check using FUSE and trick pt_chown to grant ownership of a pty descriptor that the current user does not own. It cannot access /dev/pts/ptmx however. In most modern distributions pt_chown is not needed because devpts is enabled by default. The fix for this CVE is to disable building and using pt_chown by default. We still provide a configure option to enable hte use of pt_chown but distributions do so at their own risk.
author: Carlos O'Donell <carlos@redhat.com> 2013-07-19 02:42:03 -0400
committer: Carlos O'Donell <carlos@redhat.com> 2013-07-21 15:39:55 -0400
commit: e4608715e6e1dd2adc91982fd151d5ba4f761d69 (patch)
tree: 04bc13d3736e14045f0f9fc37e0303a067f943cf /config.h.in
parent: da2d62df77de66e5de5755228759f8bc18481871 (diff)
download: glibc-e4608715e6e1dd2adc91982fd151d5ba4f761d69.tar.gz
1 files changed, 3 insertions, 0 deletions
diff --git a/config.h.in b/config.h.in
index 6284e2a99b..a85f131255 100644
--- a/config.h.in
+++ b/config.h.in
@@ -238,4 +238,7 @@
 /* The ARM hard-float ABI is being used.  */
 #undef HAVE_ARM_PCS_VFP
 
+/* The pt_chown binary is being built and used by grantpt.  */
+#undef HAVE_PT_CHOWN
+
 #endif
author	Carlos O'Donell <carlos@redhat.com>	2013-07-19 02:42:03 -0400
committer	Carlos O'Donell <carlos@redhat.com>	2013-07-21 15:39:55 -0400
commit	e4608715e6e1dd2adc91982fd151d5ba4f761d69 (patch)
tree	04bc13d3736e14045f0f9fc37e0303a067f943cf /config.h.in
parent	da2d62df77de66e5de5755228759f8bc18481871 (diff)
download	glibc-e4608715e6e1dd2adc91982fd151d5ba4f761d69.tar.gz