[LTP] pty: Update slave device permission check to allow 0600
Petr Vorel
pvorel@suse.cz
Mon Mar 31 14:56:40 CEST 2025
Hi all,
> Hi!
> > Systemd changed the default permissions for PTY slave devices from 0620
> > to 0600 in response to CVE-2024-28085. Allow either 0620 or 0600 as
> > valid permissions.
> > Link: https://security-tracker.debian.org/tracker/CVE-2024-28085
> > Link: https://github.com/systemd/systemd/commit/a4d18914751e687c9e44f22fe4e5f95b843a45c8
> > Signed-off-by: Dan Carpenter <dan.carpenter@linaro.org>
> > Tested-by: Anders Roxell <anders.roxell@linaro.org>
> > diff --git a/testcases/kernel/pty/common.h b/testcases/kernel/pty/common.h
> > index 51760b1d39fa..7cda16096d4d 100644
> > --- a/testcases/kernel/pty/common.h
> > +++ b/testcases/kernel/pty/common.h
> > @@ -54,7 +54,8 @@ static inline int open_slave(const int masterfd)
> > st.st_uid, uid);
> > }
> > - if (st.st_mode != (S_IFCHR | 0620)) {
> > + if (st.st_mode != (S_IFCHR | 0620) &&
> > + st.st_mode != (S_IFCHR | 0600)) {
> > tst_brk(TBROK, "unexpected slave device permission: %o",
> > st.st_mode);
> > }
> Looks good to me:
> Reviewed-by: Cyril Hrubis <chrubis@suse.cz>
LGTM as well.
I was thinking a bit if whether to check just for owner
permission and ignore group or other, e.g.:
st.st_mode != (S_IFCHR | S_ISUID | S_ISGID)) {
But we probably want strict permission checking, thus:
Reviewed-by: Petr Vorel <pvorel@suse.cz>
Kind regards,
Petr
More information about the ltp
mailing list