The helper binary pt_chown tricked into granting access to another
user's pseudo-terminal.
Pre-conditions for the attack:
* Attacker with local user account
* Kernel with FUSE support
* "user_allow_other" in /etc/fuse.conf
* Victim with allocated slave in /dev/pts
Using the setuid installed pt_chown and a weak check on whether a file
descriptor is a tty, an attacker could fake a pty check using FUSE and
trick pt_chown to grant ownership of a pty descriptor that the current
user does not own. It cannot access /dev/pts/ptmx however.
In most modern distributions pt_chown is not needed because devpts
is enabled by default. The fix for this CVE is to disable building
and using pt_chown by default. We still provide a configure option
to enable hte use of pt_chown but distributions do so at their own
risk.
It is the magnitude of the return value which lies
in [0.5, 1), not the return value itself.
---
2013-05-28 Ben North <ben@redfrontdoor.org>
* manual/arith.texi (frexp): It is the magnitude of the return
value which lies in [0.5, 1), not the return value itself.
Rewrite the first paragraph to talk about users not humans,
and to use correct English.
Clarify that it is the mapping of messages to IDs that
impacts the design of the message translation API.
---
2013-05-07 Carlos O'Donell <carlos@redhat.com>
* manual/message.texi (Message Translation): Talk about users.
Message to key mapping impacts design.
This adds the base chapter for POSIX threads and also documentation
for thread-specific data, along with a note on its interaction with
C++11 thread_local variables.
Surround the "Detailed Node Listing" section of the info page menu with
@detailmenu flags to avoid confusing texinfo. Resolves a large number
of warnings printed by texinfo-5.0.
The glob flags page reads as if this section is comprehensive when it
is not -- a lot of GNU extensions exist. Point that out in the intro.
Reviewed-by: Carlos O'Donell <carlos@systemhalted.org>
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
The More Flags for Globbing section indirectly mentions gl_flags when
talking about GLOB_MAGCHAR. Mention it explicitly when covering the
glob_t types.
Reviewed-by: Carlos O'Donell <carlos@systemhalted.org>
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
Putting @cartouche inside of @smallexample does not work with HTML output
as the former produces a <table> while the latter produces a <pre>. You
cannot nest a <table> in a <pre> as the contents are no longer formatted.
Since it's entirely unnecessary, and none of the other examples do this,
just drop the cartouche.
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
