[Pbuilder-maint] Bug#453862: Wrong mounting devpts
Klaus Ethgen
Klaus at Ethgen.de
Sat Dec 1 19:51:24 UTC 2007
Package: pbuilder
Version: 0.174
Severity: critical
This is critical as the whole system security may be affected.
pbuilder uses the following command to mount devpts:
    mount -t devpts /dev/pts "$BUILDPLACE/dev/pts"
A consultation of the mount man page:
    Mount options for devpts
        The devpts file system is a pseudo file system, traditionally
        mounted on /dev/pts. In order to acquire a pseudo terminal, a
        process opens /dev/ptmx; the number of the pseudo terminal is
        then made available to the process and the pseudo terminal slave
        can be accessed as /dev/pts/<number>.

        uid=value and gid=value
            This sets the owner or the group of newly created PTYs to
            the specified values. When nothing is specified, they will
            be set to the UID and GID of the creating process. For
            example, if there is a tty group with GID 5, then gid=5
            will cause newly created PTYs to belong to the tty group.

        mode=value
            Set the mode of newly created PTYs to the specified value.
            The default is 0600. A value of mode=620 and gid=5 makes
            "mesg y" the default on newly created PTYs.
This is wrong (and another bug of the mount package). The default for
the gid is 0 which will end in an explicit of 43 (utmp) for xterms which
are setgid 43 or whatever the group of the process is.
So if using the default USEDEVPTS=yes the /dev/pts inside the chroot
will be mounted with no gid setting. As the kernel share for the devpts
fs is shared between all devpts the gid setting of
/etc/init.d/mountdevsubfs.sh gets reset.
End of the game is that after using pbuilder the devpts has the wrong
mount options.
So please use the same settings as /etc/init.d/mountdevsubfs.sh for
mounting the devpts inside the chroot. (By the way, /proc/mounts doesn't
show the gid setting.)
-- System Information:
Debian Release: 4.0
APT prefers stable
APT policy: (800, 'stable'), (700, 'testing'), (600, 'unstable'), (500, 'oldstable'), (60, 'experimental')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/dash
Kernel: Linux 2.4.35.3
Locale: LANG=de_DE, LC_CTYPE=de_DE (charmap=ISO-8859-1) (ignored: LC_ALL set to de_DE)

Versions of packages pbuilder depends on:
ii  cdebootstrap   0.3.15         Bootstrap a Debian system
ii  coreutils      5.97-5.3       The GNU core utilities
ii  debianutils    2.17           Miscellaneous utilities specific t
ii  debootstrap    0.3.3.2etch1   Bootstrap a basic Debian system
ii  gcc            4:4.1.1-15     The GNU C compiler
ii  wget           1.10.2-2       retrieves files from the web

Versions of packages pbuilder recommends:
ii  cowdancer      0.25           Copy-on-write directory tree utili
ii  devscripts     2.10.11        Scripts to make the life of a Debi
ii  fakeroot       1.5.10         Gives a fake root environment
ii  sudo           1.6.8p12-4     Provide limited super user privile

-- no debconf information

--
Klaus Ethgen http://www.ethgen.de/
pub 2048R/D1A4EDE5 2000-02-26 Klaus Ethgen <Klaus at Ethgen.de>
Fingerprint: D7 67 71 C4 99 A6 D4 FE EA 40 30 57 3C 88 26 2B
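The change the report asks for, sketched as an added example (not pbuilder's code and not part of the original message): mount the chroot's devpts with the host's gid/mode options passed explicitly, and list PTY nodes whose group has drifted. The function names, the /etc/default/devpts file with its TTYGRP/TTYMODE variables, and GNU stat are assumptions; the gid=5/mode=620 fallback is the pair named in the man page excerpt quoted in the report.

```shell
#!/bin/sh
# Added example; all function names here are hypothetical.

# Print the devpts option string. Reads TTYGRP/TTYMODE from a defaults file
# (assumed: /etc/default/devpts, absolute path) inside a subshell so nothing
# leaks into the caller; falls back to gid=5,mode=620 when the file is absent.
devpts_opts() (
    file=${1:-/etc/default/devpts}
    TTYGRP=5
    TTYMODE=620
    if [ -r "$file" ]; then . "$file"; fi
    # Refuse anything that is not a plain number, so a bad defaults file
    # cannot smuggle extra mount options into the -o argument.
    for v in "$TTYGRP" "$TTYMODE"; do
        case $v in
            ''|*[!0-9]*) echo "devpts_opts: non-numeric value '$v'" >&2; exit 1 ;;
        esac
    done
    printf 'gid=%s,mode=%s\n' "$TTYGRP" "$TTYMODE"
)

# pbuilder 0.174, as quoted in the report (no -o options):
#   mount -t devpts /dev/pts "$BUILDPLACE/dev/pts"
# Same mount with the options given explicitly (needs root):
mount_chroot_devpts() {
    opts=$(devpts_opts) || return 1
    mount -t devpts -o "$opts" /dev/pts "$1/dev/pts"
}

# List nodes under a devpts mount point whose group is not the expected gid.
# Returns 1 if any are found. ptmx is skipped because it is not a PTY slave.
audit_pts() (
    dir=$1 want_gid=$2 bad=0
    for node in "$dir"/*; do
        [ -e "$node" ] || continue
        case $node in */ptmx) continue ;; esac
        g=$(stat -c %g "$node")   # GNU stat assumed
        if [ "$g" != "$want_gid" ]; then
            echo "$node gid=$g"
            bad=1
        fi
    done
    exit "$bad"
)
```

Running `audit_pts /dev/pts 5` before and after a build shows whether terminals opened in between were created with a different group, which does not depend on /proc/mounts displaying the gid option.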