mirror/glibc
2
0
Fork 0
mirror of git://sourceware.org/git/glibc.git synced 2024-11-21 01:12:26 +08:00
Code Issues Packages Projects Releases Wiki Activity
f8b4877a75
glibc/manual
History
Carlos O'Donell e4608715e6 CVE-2013-2207, BZ #15755: Disable pt_chown. 
The helper binary pt_chown tricked into granting access to another
user's pseudo-terminal.

Pre-conditions for the attack:

 * Attacker with local user account
 * Kernel with FUSE support
 * "user_allow_other" in /etc/fuse.conf
 * Victim with allocated slave in /dev/pts

Using the setuid installed pt_chown and a weak check on whether a file
descriptor is a tty, an attacker could fake a pty check using FUSE and
trick pt_chown to grant ownership of a pty descriptor that the current
user does not own.  It cannot access /dev/pts/ptmx however.

In most modern distributions pt_chown is not needed because devpts
is enabled by default. The fix for this CVE is to disable building
and using pt_chown by default. We still provide a configure option
to enable hte use of pt_chown but distributions do so at their own
risk.
2013-07-21 15:39:55 -04:00
..
examples
argp.texi
arith.texi Doc fix for 'frexp' in arith.texi 2013-05-28 17:20:24 -04:00
charset.texi
conf.texi
contrib.texi
creature.texi
crypt.texi
ctype.texi
debug.texi Add nptl manual chapter 2013-03-14 12:37:42 +05:30
dir
errno.texi [BZ #14256] 2013-05-30 05:51:22 -06:00
fdl-1.3.texi
filesys.texi
freemanuals.texi
getopt.texi
header.texi
install.texi CVE-2013-2207, BZ #15755: Disable pt_chown. 2013-07-21 15:39:55 -04:00
intro.texi
io.texi
job.texi
lang.texi
lgpl-2.1.texi
libc-texinfo.sh Add @detailmenu to subsection node listing 2013-02-24 21:05:58 +10:00
libc.texinfo
libcbook.texi
libm-err-tab.pl Remove trailing whitespace. 2013-06-05 20:44:03 +00:00
llio.texi BZ#15361: Make aio_fsync not check open modes. 2013-04-12 13:11:20 -07:00
locale.texi
macros.texi
maint.texi
Makefile Rename nptl.texi to threads.texi 2013-03-19 14:28:20 +05:30
math.texi
memory.texi manual: Sort mallopt M_* parameters alphabetically 2013-03-17 16:03:02 -04:00
message.texi manual/message.texi: Fix english and clarify. 2013-05-07 12:33:44 -04:00
nss.texi
nsswitch.texi
pattern.texi
pipe.texi
platform.texi * manual/platform.texi: Add missing @end deftypefun. 2013-05-26 18:06:30 +02:00
process.texi
resource.texi
search.texi
setjmp.texi
signal.texi
socket.texi Fix menu ordering in socket.texi. 2013-02-24 21:06:00 +10:00
startup.texi
stdio-fp.c
stdio.texi
string.texi
summary.awk
sysinfo.texi
syslog.texi
terminal.texi
texinfo.tex Update texinfo.tex. 2013-06-25 17:21:48 +00:00
texis.awk
threads.texi Add documentation for default pthread attribute functions 2013-06-15 12:27:41 +05:30
time.texi
tsort.awk
users.texi
xtract-typefun.awk