Bug#453862: [Pbuilder-maint] Bug#453862: Wrong mounting devpts
Hi,

On Wed, 26 Dec 2007 at 12:22, Junichi Uekawa wrote:
> > So if using the default USEDEVPTS=yes the /dev/pts inside the chroot
> > will be mounted with no gid setting. As the kernel share for the
> > devpts fs is shared between all devpts the gid setting of
> > /etc/init.d/mountdevsubfs.sh gets reset.
>
> This sounds like a kernel misfeature, and /me checks
> fs/devpts/inode.c... Yup, looks like it.

I agree completely.

> System security doesn't seem too much affected because it only resets
> to root:root 600 (a tighter permission than the default).

Well, yes and no. The permissions are reset to 0 NOT root (which is the same p/gid). That means that it is no longer sticky as when a value is specified. So the handling is completely changed.

Regards
   Klaus Ethgen
-- 
Klaus Ethgen http://www.ethgen.de/
pub 2048R/D1A4EDE5 2000-02-26 Klaus Ethgen [EMAIL PROTECTED]
Fingerprint: D7 67 71 C4 99 A6 D4 FE EA 40 30 57 3C 88 26 2B

-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#453862: [Pbuilder-maint] Bug#453862: Wrong mounting devpts
Hi,

> This is critical as the whole system security may be affected.

> So if using the default USEDEVPTS=yes the /dev/pts inside the chroot
> will be mounted with no gid setting. As the kernel share for the
> devpts fs is shared between all devpts the gid setting of
> /etc/init.d/mountdevsubfs.sh gets reset.

This sounds like a kernel misfeature, and /me checks fs/devpts/inode.c... Yup, looks like it.

System security doesn't seem too much affected because it only resets to root:root 600 (a tighter permission than the default).

Looking at the source, it doesn't have any interface exposing the current configuration. Hmm...

regards,
	junichi
-- 
[EMAIL PROTECTED],netfort.gr.jp} Debian Project
Bug#453862: [Pbuilder-maint] Bug#453862: Wrong mounting devpts
> Package: pbuilder
> Version: 0.174
> Severity: critical
>
> This is critical as the whole system security may be affected.
>
> pbuilder uses the following command to mount devpts:
>   mount -t devpts /dev/pts $BUILDPLACE/dev/pts

It seems like it's:

  TTYGRP=5
  TTYMODE=620
  [ -f /etc/default/devpts ] && . /etc/default/devpts
  domount devpts /dev/pts devpts -onoexec,nosuid,gid=$TTYGRP,mode=$TTYMODE

so I can do similar in pbuilder.

I really don't like the look of this because it's some random config which is shared between inside the chroot and outside of chroot, but it needs fixing.

regards,
	junichi
-- 
[EMAIL PROTECTED],netfort.gr.jp} Debian Project
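
Added example, not part of the thread and not pbuilder's own code: one way to build the chroot's devpts mount options from the same TTYGRP/TTYMODE defaults the host init script uses, so the shared devpts settings are not reset by a mount without gid/mode. The function names, the DRY_RUN switch and the validation rules are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example (not pbuilder's code): derive devpts mount options for the
# chroot from the host's defaults instead of mounting with no gid/mode.

# devpts_mount_opts [DEFAULTS_FILE]
# Prints the -o option string; returns 1 if the configured values are unusable.
devpts_mount_opts() {
    defaults_file=${1:-/etc/default/devpts}
    (
        # Defaults as quoted from the host init script in the thread.
        TTYGRP=5
        TTYMODE=620
        # The subshell keeps sourced variables out of the caller's environment.
        [ -f "$defaults_file" ] && . "$defaults_file"
        # Refuse anything that is not a numeric gid / octal mode rather than
        # passing it on to mount(8).
        case $TTYGRP in
            ''|*[!0-9]*) echo "bad TTYGRP: $TTYGRP" >&2; exit 1 ;;
        esac
        case $TTYMODE in
            ''|*[!0-7]*) echo "bad TTYMODE: $TTYMODE" >&2; exit 1 ;;
        esac
        printf 'noexec,nosuid,gid=%s,mode=%s\n' "$TTYGRP" "$TTYMODE"
    )
}

# mount_chroot_devpts BUILDPLACE [DEFAULTS_FILE]
# Hypothetical wrapper: with DRY_RUN=1 it prints the command instead of
# running it, which makes the resulting options easy to review.
mount_chroot_devpts() {
    opts=$(devpts_mount_opts "$2") || return 1
    set -- mount -t devpts -o "$opts" devpts "$1/dev/pts"
    if [ "${DRY_RUN:-0}" = 1 ]; then echo "$*"; else "$@"; fi
}
```

Running `DRY_RUN=1 mount_chroot_devpts "$BUILDPLACE"` shows the exact mount command before anything is mounted.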