| Bug ID | 1004049 |
|---|---|
| Summary | /usr/bin/socat ... openpty() is not allowd to do chown of resulting /dev/pts/ device |
| Classification | openSUSE |
| Product | openSUSE Distribution |
| Version | Leap 42.1 |
| Hardware | All |
| OS | openSUSE 42.1 |
| Status | NEW |
| Severity | Normal |
| Priority | P5 - None |
| Component | Security |
| Assignee | security-team@suse.de |
| Reporter | werner@suse.com |
| QA Contact | qa-bugs@suse.de |
| Found By | --- |
| Blocker | --- |
Even with apparmor disabled I see in the strace
close(8) = 0
close(7) = 0
chown("/dev/pts/8", 223, 5) = -1 EPERM (Operation not permitted)
close(6) = 0
which makes this tool useless for normal users.
Beside this: why we do have setcap/getcap installed by default? With this we
would be able to set permissions based on capabilities for tools like setcap
and ping, ping6, ... in the %post install section of the rpm of the affected
tools