diff options
| author | Carlos O'Donell <carlos@redhat.com> | 2013-07-19 02:42:03 -0400 |
|---|---|---|
| committer | Carlos O'Donell <carlos@redhat.com> | 2013-07-21 15:39:55 -0400 |
| commit | e4608715e6e1dd2adc91982fd151d5ba4f761d69 (patch) | |
| tree | 04bc13d3736e14045f0f9fc37e0303a067f943cf /configure.in | |
| parent | da2d62df77de66e5de5755228759f8bc18481871 (diff) | |
CVE-2013-2207, BZ #15755: Disable pt_chown.
The helper binary pt_chown tricked into granting access to another
user's pseudo-terminal.
Pre-conditions for the attack:
* Attacker with local user account
* Kernel with FUSE support
* "user_allow_other" in /etc/fuse.conf
* Victim with allocated slave in /dev/pts
Using the setuid installed pt_chown and a weak check on whether a file
descriptor is a tty, an attacker could fake a pty check using FUSE and
trick pt_chown to grant ownership of a pty descriptor that the current
user does not own. It cannot access /dev/pts/ptmx however.
In most modern distributions pt_chown is not needed because devpts
is enabled by default. The fix for this CVE is to disable building
and using pt_chown by default. We still provide a configure option
to enable hte use of pt_chown but distributions do so at their own
risk.
Diffstat (limited to 'configure.in')
| -rw-r--r-- | configure.in | 10 |
1 files changed, 10 insertions, 0 deletions
diff --git a/configure.in b/configure.in index 4db1acf115..769e8eff66 100644 --- a/configure.in +++ b/configure.in @@ -353,6 +353,16 @@ AC_ARG_ENABLE([nscd], [use_nscd=$enableval], [use_nscd=yes]) +AC_ARG_ENABLE([pt_chown], + [AS_HELP_STRING([--enable-pt_chown], + [Enable building and installing pt_chown])], + [build_pt_chown=$enableval], + [build_pt_chown=no]) +AC_SUBST(build_pt_chown) +if test $build_pt_chown = yes; then + AC_DEFINE(HAVE_PT_CHOWN) +fi + # The way shlib-versions is used to generate soversions.mk uses a # fairly simplistic model for name recognition that can't distinguish # i486-pc-linux-gnu fully from i486-pc-gnu. So we mutate a $host_os |