Bug#717544: CVE-2013-2207: Remove pt_chown

To: 717544@bugs.debian.org
Cc: 717544-submitter@bugs.debian.org, control@bugs.debian.org
Subject: Bug#717544: CVE-2013-2207: Remove pt_chown
From: Florian Weimer <fw@deneb.enyo.de>
Date: Thu, 06 Aug 2015 07:15:01 +0200
Message-id: <[🔎] 87lhdpf162.fsf@mid.deneb.enyo.de>
Reply-to: Florian Weimer <fw@deneb.enyo.de>, 717544@bugs.debian.org

retitle 717544 CVE-2013-2207: Remove pt_chown
thanks

Can we please make another attempt at removing pt_chown, either
completely or by removing the SUID bit?  The current devpts file
system is set up in such a way that this is not necessary.  Fedora and
Red Hat Enterprise Linux 7 already ship without pt_chown, apparently
without ill effects.  The Debian software I have checked sets up
/dev/pts with the gid=5 option, which means that pt_chown should be
unnecessary as well.

We also need to get this change into stable, maybe even oldstable.

Reply to:

Follow-Ups:
- Processed: CVE-2013-2207: Remove pt_chown
  - From: owner@bugs.debian.org (Debian Bug Tracking System)
- Bug#717544: CVE-2013-2207: Remove pt_chown
  - From: Samuel Thibault <sthibault@debian.org>

Prev by Date: Na Alemanha, trabalhadores dão aula de solidariedade - por Isaía Dale, da CUT
Next by Date: Processed: CVE-2013-2207: Remove pt_chown
Previous by thread: Na Alemanha, trabalhadores dão aula de solidariedade - por Isaía Dale, da CUT
Next by thread: Processed: CVE-2013-2207: Remove pt_chown
Index(es):
- Date
- Thread