[lxc-devel] [lxc/lxc] 67e5a2: Improper pty permissions - missing mode=0620, gid=...
GitHub
noreply at github.com
Wed Oct 16 16:47:18 UTC 2013
Branch: refs/heads/master
Home: https://github.com/lxc/lxc
Commit: 67e5a20ad1b5579a571f43f7dd8a1556a8bea7a1
https://github.com/lxc/lxc/commit/67e5a20ad1b5579a571f43f7dd8a1556a8bea7a1
Author: Stéphane Graber <stgraber at ubuntu.com>
Date: 2013-10-16 (Wed, 16 Oct 2013)
Changed paths:
M src/lxc/conf.c
Log Message:
-----------
Improper pty permissions - missing mode=0620, gid=5
This fix is coming from Debian bug:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=720122
The reason for the hardcoded gid= and mode= is because of the fix for
CVE-2013-2207 which removes pt_chown from glibc and so requires proper
write access to devpts.
It looks like the "tty" group is guaranteed to be gid=5 on at least all
RedHat based and Debian based systems. So this hardcode gid shouldn't be
a big problem. If we however support any distro where that's not the
case, we'll need to implement an extra lxc.conf option and matching
template changes.
Signed-off-by: Stéphane Graber <stgraber at ubuntu.com>
Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
More information about the lxc-devel
mailing list