On 08/19/2013 09:52 AM, Ragnar Thomsen wrote: > In glibc 2.18, the pt_chown binary no longer gets installed by default > due to security reasons. This resulted for me in konsole not working. > I tracked the issue down to the missing pt_chown binary. > > pt_chown can still be installed by supplying the switch > --enable-pt_chown to glibc, but as the binary was removed due to > security reasons, I don't think this is the right approach for B/LFS. > Instead I found that changing the gid of group tty to 5 fixed konsole > (the tty group had a gid of 4 on my system). It appears the gid of tty > needs to be the same as the devpts filesystem is mounted with (which > is 5 in LFS). This issue may also affect other terminal emulators. > > See this thread: > http://sourceware-org.1504.n7.nabble.com/PATCH-BZ-15755-CVE-2013-2207-pt-chown-tricked-into-granting-access-to-another-users-pseudo-terminal-td238852.html > > I suggest we add the tty group with gid 5 to the "About System Users > and Groups" in BLFS and maybe also add a note to the konsole page. > The command explanation for the "--libexecdir=/usr/lib/glibc" switch > in glibc in LFS also needs to be changed, since pt_chown is no longer > installed. > > Sincerely, > Ragnar >
http://www.linuxfromscratch.org/lfs/view/development/chapter06/createfiles.html tty is gid 5 here and is added in LFS. -- http://linuxfromscratch.org/mailman/listinfo/blfs-dev FAQ: http://www.linuxfromscratch.org/blfs/faq.html Unsubscribe: See the above information page
