Bug#717544: CVE-2013-2207: pt_chown

To: 717544@bugs.debian.org
Cc: control@bugs.debian.org
Subject: Bug#717544: CVE-2013-2207: pt_chown
From: Adam Conrad <adconrad@debian.org>
Date: Sat, 1 Mar 2014 05:43:50 -0700
Message-id: <[🔎] 20140301124350.GY22181@0c3.net>
Reply-to: Adam Conrad <adconrad@debian.org>, 717544@bugs.debian.org

reopen 717544
kthxbye

This isn't done, actually.  After breaking several systems of my own
and fellow developers turning it off in Ubuntu very briefly, I flipped
it back on.

This needs some solid thought on how we can prevent users from shooting
themselves in the foot, since the default mount options for /dev/pts
and /dev/ptmx break running systems *and* people are used to doing
things like "mount -t devpts devpts-foo chroot-foo/dev/pts", which will
update the mount options for the system devpts as well.

I think the sanest approach would be to hardcode the defaults into
mount itself (which I plan to do when I get the round tuits), and maybe
even suggest a default in the kernel as well, and then push the mount
and glibc changes together, especially if we intend to backport this
to stable releases.

... Adam

Reply to:

Follow-Ups:
- Processed: CVE-2013-2207: pt_chown
  - From: owner@bugs.debian.org (Debian Bug Tracking System)

Prev by Date: Bug#717544: marked as done (CVE-2013-2207: pt_chown)
Next by Date: Processed: CVE-2013-2207: pt_chown
Previous by thread: Bug#717544: marked as done (CVE-2013-2207: pt_chown)
Next by thread: Processed: CVE-2013-2207: pt_chown
Index(es):
- Date
- Thread