Carlos O'Donell e4608715e6 CVE-2013-2207, BZ #15755: Disable pt_chown. ... The helper binary pt_chown tricked into granting access to another user's pseudo-terminal. Pre-conditions for the attack: * Attacker with local user account * Kernel with FUSE support * "user_allow_other" in /etc/fuse.conf * Victim with allocated slave in /dev/pts Using the setuid installed pt_chown and a weak check on whether a file descriptor is a tty, an attacker could fake a pty check using FUSE and trick pt_chown to grant ownership of a pty descriptor that the current user does not own. It cannot access /dev/pts/ptmx however. In most modern distributions pt_chown is not needed because devpts is enabled by default. The fix for this CVE is to disable building and using pt_chown by default. We still provide a configure option to enable hte use of pt_chown but distributions do so at their own risk.		2013-07-21 15:39:55 -04:00
..
examples
argp.texi
arith.texi
charset.texi
conf.texi
contrib.texi
creature.texi
crypt.texi
ctype.texi
debug.texi
dir
errno.texi
fdl-1.3.texi
filesys.texi
freemanuals.texi
getopt.texi
header.texi
install.texi
intro.texi
io.texi
job.texi
lang.texi
lgpl-2.1.texi
libc-texinfo.sh
libc.texinfo
libcbook.texi
libm-err-tab.pl
llio.texi
locale.texi
macros.texi
maint.texi
Makefile
math.texi
memory.texi
message.texi
nss.texi
nsswitch.texi
pattern.texi
pipe.texi
platform.texi
process.texi
resource.texi
search.texi
setjmp.texi
signal.texi
socket.texi
startup.texi
stdio-fp.c
stdio.texi
string.texi
summary.awk
sysinfo.texi
syslog.texi
terminal.texi
texinfo.tex
texis.awk
threads.texi
time.texi
tsort.awk
users.texi
xtract-typefun.awk