tl;dr: make sure your /dev/pts is mounted correctly w/gid=5 or bad things will happen and it's (probably) all your fault

when you run grantpt(), glibc attempts to set up your pty with correct ownership & permissions. it does so by executing a setuid helper called pt_chown as needed. we all know setuid==bad, so let's do something about it.

this system is a throwback to the bad old bsd pty days where you had a ton of pre-allocated nodes in /dev/ named pty??. since the user has requested a new pty, the system had to make sure it had correct permissions before giving it back (it might be the default of root:root, or it might have the previous user's settings which would be super bad). this system sucks for many reasons.

with Linux, we have devpts mounted at /dev/pts/ which provides dynamic UNIX 98 ptys via the /dev/ptmx control node. the kernel knows that when you request a new pty, the sane thing is to set the default uid/gid to your own process's uid/gid. it even goes further and allows you to specify (at mount time) default gid/permissions. with openrc (and in baselayout-1.12, but i'm pretty sure it's been this way for even longer), our default mount uses gid=5 (the tty group) and mode=620 (what we want). that means when a new pty is requested, the kernel automatically sets the ownership of the new file to the process's uid and the mounted group setting (tty), as well as setting the perms to 620.

back to glibc, when you call grantpt(), it checks the current uid/gid/mode. if they all match what it expects (and it should with our default devpts mount opts), it returns w/out doing any real work (like calling the setuid pt_chown helper). that means this binary is sitting around with setuid perms for no good reason.

i plan on updating the latest glibc to add USE=suid. in pkg_preinst and ROOT==/, the ebuild will read /proc/mounts for a devpts line with gid=5. if it doesn't find one, i'll have it call `die`.

if the bsd pty scenario wasn't long dead, and the devpts option didn't have gid=/mode= options, then it might be reasonable to have it warn and do `chmod +s`. but i can't think of any legitimate reasons for not using devpts & mounting it correctly. this is the right answer even in the embedded world.

-mike
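
The mount check described in the message, sketched as an added example (this is not code from the mail or from the glibc ebuild). The function name `check_devpts` and the sample lines are made up here, and it goes one step beyond the mail by also requiring mode=620 in addition to gid=5:

```shell
# Reads mount-table lines in /proc/mounts format on stdin and prints one
# verdict for /dev/pts:
#   ok        devpts mounted with gid=5 and mode=620
#   bad-opts  devpts mounted, but gid/mode differ (grantpt() would fall back to pt_chown)
#   missing   no devpts on /dev/pts
# Returns 0 only for "ok". The last mount on /dev/pts wins, since it shadows earlier ones.
check_devpts() {
    verdict=missing
    while read -r _dev mnt fstype opts _rest; do
        [ "$mnt" = /dev/pts ] || continue
        [ "$fstype" = devpts ] || { verdict=missing; continue; }
        verdict=bad-opts
        gid_ok=no
        mode_ok=no
        # Split the option string on commas and compare whole options, so
        # gid=50 does not pass as gid=5 and ptmxmode=000 is not read as mode=.
        old_ifs=$IFS
        IFS=,
        for opt in $opts; do
            case $opt in
                gid=5)    gid_ok=yes ;;
                mode=620) mode_ok=yes ;;
            esac
        done
        IFS=$old_ifs
        if [ "$gid_ok$mode_ok" = yesyes ]; then
            verdict=ok
        fi
    done
    echo "$verdict"
    [ "$verdict" = ok ]
}

# Constructed sample lines (not taken from a real host).
sample_good='devpts /dev/pts devpts rw,nosuid,noexec,relatime,gid=5,mode=620,ptmxmode=000 0 0'
sample_bad='devpts /dev/pts devpts rw,relatime,gid=50,mode=600,ptmxmode=000 0 0'

printf '%s\n' "$sample_good" | check_devpts || true
printf '%s\n' "$sample_bad" | check_devpts || true
```

On a live system the same function is fed with `check_devpts < /proc/mounts`.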
