Bug#859003: systemd-container: strange permissions on /dev/pts/ptmx
Felipe Sateler
fsateler at debian.org
Wed Mar 29 15:00:33 BST 2017
On Wed, Mar 29, 2017 at 10:07 AM, Russell Coker <russell at coker.com.au> wrote:
> Package: systemd-container
> Version: 232-22
> Severity: normal
>
> # grep pts /proc/mounts
> devpts /dev/pts devpts rw,seclabel,nosuid,noexec,relatime,gid=5,mode=620,ptmxmode=000 0 0
> # ls -l /dev/pts/ptmx
> c---------. 1 root root 5, 2 Mar 20 21:51 /dev/pts/ptmx
>
> The above is from a regular Debian/unstable shell.
>
> # grep pts /proc/mounts
> devpts /dev/pts devpts rw,seclabel,nosuid,noexec,relatime,gid=5,mode=620,ptmxmode=666 0 0
> # ls -l /dev/pts/ptmx
> crw-rw-rw-. 1 root root 5, 2 Mar 30 2017 /dev/pts/ptmx
>
> The above is from a shell run from a chroot managed by systemd-nspawn. I have
> systemd-nspawn starting the below shell script that runs sshd, so nothing in
> the chroot environment has any effect on mount options.
>
> Why does the virtual environment created by systemd-nspawn have different
> permissions for /dev/pts/ptmx than the outside environment? I am not claiming
> that what systemd-nspawn is doing is inherently wrong (it might be the correct
> thing for other distributions), but I believe that it should be consistent with
> the main Debian environment. It is plausible that systemd-nspawn is correct
> here and the rest of Debian is wrong, if so please reassign the bug
> appropriately. But as a security person I'm leaning towards minimum privileges
> being the correct choice, which means mode 0 would be correct and mode 666
> (as used by systemd-nspawn) would be a bug.
>From the kernel documentation:
> As an option instead of placing a /dev/ptmx device node at /dev/ptmx
> it is possible to place a symlink to /dev/pts/ptmx at /dev/ptmx or
> to bind mount /dev/ptx/ptmx to /dev/ptmx. If you opt for using
> the devpts filesystem in this manner devpts should be mounted with
> the ptmxmode=0666, or chmod 0666 /dev/pts/ptmx should be called.
And indeed nspawn sets up /dev/ptmx as a symlink, while debian host
does not do that. In the host, /dev/ptmx has 0666 permissions.
[1] https://www.kernel.org/doc/Documentation/filesystems/devpts.txt
--
Saludos,
Felipe Sateler
More information about the Pkg-systemd-maintainers
mailing list