Description
For some distributions, commit 03cfe0d appears to have completely broken pty allocation for non-root processes; I've seen this reported on IRC several times.
In the past, a new pty would be initially owned by root, and glibc would call the /usr/lib/pt_chown setuid helper to change ownership to the caller's UID. But devpts already creates ptys owned by the correct uid (and has done so for many years), so recent glibc versions no longer include pt_chown.
However, nspawn now mounts /dev/pts with a uid= explicitly specified, which forces devpts to always create ptys owned by the fixed uid 5. This means non-root programs can no longer use the ptys they create.
(In older distributions, pt_chown is still included, and it "hides" the problem. Also, having gid=5 is ok; the bug is specifically about uid=.)
Quick test: exec {fd}</dev/ptmx && ls -l /dev/pts/ && exec {fd}<&-
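A complementary check to the quick test above, as an added example that is not part of the original report: it scans mount information for devpts instances whose options pin ownership with uid=. The function name `devpts_fixed_uid` and the sample lines are constructed for illustration; the input format assumed is that of /proc/self/mountinfo.

```bash
#!/bin/sh
# Added example (not from the issue): find devpts mounts that carry uid=,
# the option that makes every new pty owned by one fixed uid.

# Constructed sample in /proc/self/mountinfo format, not captured from a host.
SAMPLE_MOUNTINFO='25 20 0:21 / /dev/pts rw,nosuid,noexec,relatime shared:3 - devpts devpts rw,gid=5,mode=620,ptmxmode=000
310 300 0:52 / /dev/pts rw,nosuid,noexec,relatime - devpts devpts rw,uid=5,gid=5,mode=620,ptmxmode=666
311 300 0:53 / /tmp rw,nosuid,nodev - tmpfs tmpfs rw,uid=5,mode=1777'

# Reads mountinfo text on stdin and prints "<mountpoint> uid=<n>" for each
# devpts mount whose superblock options contain uid=.
devpts_fixed_uid() {
  awk '{
    # Optional fields (shared:N, master:N, ...) vary in number, so locate
    # the "-" separator instead of relying on fixed field positions.
    sep = 0
    for (i = 7; i <= NF; i++) if ($i == "-") { sep = i; break }
    if (!sep || $(sep + 1) != "devpts") next

    # After the separator: fstype, source, superblock options.
    n = split($(sep + 3), opt, ",")
    for (j = 1; j <= n; j++)
      if (opt[j] ~ /^uid=[0-9]+$/) print $5, opt[j]
  }'
}

# Demonstration on the constructed sample: only the second line is reported.
# gid= alone is not flagged, and uid= on a non-devpts filesystem is ignored.
printf '%s\n' "$SAMPLE_MOUNTINFO" | devpts_fixed_uid
```

Inside a container, run it against the live table with `devpts_fixed_uid < /proc/self/mountinfo`; any output means ptys opened by non-root processes will be owned by the listed uid rather than by the caller.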