* [LTP] pty: Update slave device permission check to allow 0600
@ 2025-03-31 8:19 Dan Carpenter
2025-03-31 11:39 ` Cyril Hrubis
2025-04-01 7:15 ` Petr Vorel
0 siblings, 2 replies; 4+ messages in thread
From: Dan Carpenter @ 2025-03-31 8:19 UTC (permalink / raw)
To: ltp
Systemd changed the default permissions for PTY slave devices from 0620
to 0600 in response to CVE-2024-28085. Allow either 0620 or 0600 as
valid permissions.
Link: https://security-tracker.debian.org/tracker/CVE-2024-28085
Link: https://github.com/systemd/systemd/commit/a4d18914751e687c9e44f22fe4e5f95b843a45c8
Signed-off-by: Dan Carpenter <dan.carpenter@linaro.org>
Tested-by: Anders Roxell <anders.roxell@linaro.org>
diff --git a/testcases/kernel/pty/common.h b/testcases/kernel/pty/common.h
index 51760b1d39fa..7cda16096d4d 100644
--- a/testcases/kernel/pty/common.h
+++ b/testcases/kernel/pty/common.h
@@ -54,7 +54,8 @@ static inline int open_slave(const int masterfd)
st.st_uid, uid);
}
- if (st.st_mode != (S_IFCHR | 0620)) {
+ if (st.st_mode != (S_IFCHR | 0620) &&
+ st.st_mode != (S_IFCHR | 0600)) {
tst_brk(TBROK, "unexpected slave device permission: %o",
st.st_mode);
}
--
Mailing list info: https://lists.linux.it/listinfo/ltp
^ permalink raw reply related [flat|nested] 4+ messages in thread
* Re: [LTP] pty: Update slave device permission check to allow 0600
2025-03-31 8:19 [LTP] pty: Update slave device permission check to allow 0600 Dan Carpenter
@ 2025-03-31 11:39 ` Cyril Hrubis
2025-03-31 12:56 ` Petr Vorel
2025-04-01 7:15 ` Petr Vorel
1 sibling, 1 reply; 4+ messages in thread
From: Cyril Hrubis @ 2025-03-31 11:39 UTC (permalink / raw)
To: Dan Carpenter; +Cc: ltp
Hi!
> Systemd changed the default permissions for PTY slave devices from 0620
> to 0600 in response to CVE-2024-28085. Allow either 0620 or 0600 as
> valid permissions.
>
> Link: https://security-tracker.debian.org/tracker/CVE-2024-28085
> Link: https://github.com/systemd/systemd/commit/a4d18914751e687c9e44f22fe4e5f95b843a45c8
> Signed-off-by: Dan Carpenter <dan.carpenter@linaro.org>
> Tested-by: Anders Roxell <anders.roxell@linaro.org>
>
> diff --git a/testcases/kernel/pty/common.h b/testcases/kernel/pty/common.h
> index 51760b1d39fa..7cda16096d4d 100644
> --- a/testcases/kernel/pty/common.h
> +++ b/testcases/kernel/pty/common.h
> @@ -54,7 +54,8 @@ static inline int open_slave(const int masterfd)
> st.st_uid, uid);
> }
>
> - if (st.st_mode != (S_IFCHR | 0620)) {
> + if (st.st_mode != (S_IFCHR | 0620) &&
> + st.st_mode != (S_IFCHR | 0600)) {
> tst_brk(TBROK, "unexpected slave device permission: %o",
> st.st_mode);
> }
Looks good to me:
Reviewed-by: Cyril Hrubis <chrubis@suse.cz>
--
Cyril Hrubis
chrubis@suse.cz
--
Mailing list info: https://lists.linux.it/listinfo/ltp
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [LTP] pty: Update slave device permission check to allow 0600
2025-03-31 11:39 ` Cyril Hrubis
@ 2025-03-31 12:56 ` Petr Vorel
0 siblings, 0 replies; 4+ messages in thread
From: Petr Vorel @ 2025-03-31 12:56 UTC (permalink / raw)
To: Cyril Hrubis; +Cc: ltp, Dan Carpenter
Hi all,
> Hi!
> > Systemd changed the default permissions for PTY slave devices from 0620
> > to 0600 in response to CVE-2024-28085. Allow either 0620 or 0600 as
> > valid permissions.
> > Link: https://security-tracker.debian.org/tracker/CVE-2024-28085
> > Link: https://github.com/systemd/systemd/commit/a4d18914751e687c9e44f22fe4e5f95b843a45c8
> > Signed-off-by: Dan Carpenter <dan.carpenter@linaro.org>
> > Tested-by: Anders Roxell <anders.roxell@linaro.org>
> > diff --git a/testcases/kernel/pty/common.h b/testcases/kernel/pty/common.h
> > index 51760b1d39fa..7cda16096d4d 100644
> > --- a/testcases/kernel/pty/common.h
> > +++ b/testcases/kernel/pty/common.h
> > @@ -54,7 +54,8 @@ static inline int open_slave(const int masterfd)
> > st.st_uid, uid);
> > }
> > - if (st.st_mode != (S_IFCHR | 0620)) {
> > + if (st.st_mode != (S_IFCHR | 0620) &&
> > + st.st_mode != (S_IFCHR | 0600)) {
> > tst_brk(TBROK, "unexpected slave device permission: %o",
> > st.st_mode);
> > }
> Looks good to me:
> Reviewed-by: Cyril Hrubis <chrubis@suse.cz>
LGTM as well.
I was thinking a bit if whether to check just for owner
permission and ignore group or other, e.g.:
st.st_mode != (S_IFCHR | S_ISUID | S_ISGID)) {
But we probably want strict permission checking, thus:
Reviewed-by: Petr Vorel <pvorel@suse.cz>
Kind regards,
Petr
--
Mailing list info: https://lists.linux.it/listinfo/ltp
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [LTP] pty: Update slave device permission check to allow 0600
2025-03-31 8:19 [LTP] pty: Update slave device permission check to allow 0600 Dan Carpenter
2025-03-31 11:39 ` Cyril Hrubis
@ 2025-04-01 7:15 ` Petr Vorel
1 sibling, 0 replies; 4+ messages in thread
From: Petr Vorel @ 2025-04-01 7:15 UTC (permalink / raw)
To: Dan Carpenter; +Cc: ltp
Hi all,
> Systemd changed the default permissions for PTY slave devices from 0620
> to 0600 in response to CVE-2024-28085. Allow either 0620 or 0600 as
> valid permissions.
Thanks, merged!
Kind regards,
Petr
> Link: https://security-tracker.debian.org/tracker/CVE-2024-28085
> Link: https://github.com/systemd/systemd/commit/a4d18914751e687c9e44f22fe4e5f95b843a45c8
> Signed-off-by: Dan Carpenter <dan.carpenter@linaro.org>
> Tested-by: Anders Roxell <anders.roxell@linaro.org>
> diff --git a/testcases/kernel/pty/common.h b/testcases/kernel/pty/common.h
> index 51760b1d39fa..7cda16096d4d 100644
> --- a/testcases/kernel/pty/common.h
> +++ b/testcases/kernel/pty/common.h
> @@ -54,7 +54,8 @@ static inline int open_slave(const int masterfd)
> st.st_uid, uid);
> }
> - if (st.st_mode != (S_IFCHR | 0620)) {
> + if (st.st_mode != (S_IFCHR | 0620) &&
> + st.st_mode != (S_IFCHR | 0600)) {
> tst_brk(TBROK, "unexpected slave device permission: %o",
> st.st_mode);
> }
--
Mailing list info: https://lists.linux.it/listinfo/ltp
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2025-04-01 7:16 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2025-03-31 8:19 [LTP] pty: Update slave device permission check to allow 0600 Dan Carpenter
2025-03-31 11:39 ` Cyril Hrubis
2025-03-31 12:56 ` Petr Vorel
2025-04-01 7:15 ` Petr Vorel
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox