CVE-2013-2207, BZ #15755: Disable pt_chown.

The helper binary pt_chown tricked into granting access to another
user's pseudo-terminal.

Pre-conditions for the attack:

 * Attacker with local user account
 * Kernel with FUSE support
 * "user_allow_other" in /etc/fuse.conf
 * Victim with allocated slave in /dev/pts

Using the setuid installed pt_chown and a weak check on whether a file
descriptor is a tty, an attacker could fake a pty check using FUSE and
trick pt_chown to grant ownership of a pty descriptor that the current
user does not own.  It cannot access /dev/pts/ptmx however.

In most modern distributions pt_chown is not needed because devpts
is enabled by default. The fix for this CVE is to disable building
and using pt_chown by default. We still provide a configure option
to enable hte use of pt_chown but distributions do so at their own
risk.

Cherry-pick of e4608715e6e1dd2adc91982fd151d5ba4f761d69.

1 files changed, 10 insertions, 0 deletions

diff --git a/configure.in b/configure.in
index 5028e6411e..7bac2f75ac 100644
--- a/configure.in
+++ b/configure.in
@@ -292,6 +292,16 @@ void foo (int i, void *p)
   fi
 fi
 
+AC_ARG_ENABLE([pt_chown],
+	      [AS_HELP_STRING([--enable-pt_chown],
+	       [Enable building and installing pt_chown])],
+	      [build_pt_chown=$enableval],
+	      [build_pt_chown=no])
+AC_SUBST(build_pt_chown)
+if test $build_pt_chown = yes; then
+  AC_DEFINE(HAVE_PT_CHOWN)
+fi
+
 # The way shlib-versions is used to generate soversions.mk uses a
 # fairly simplistic model for name recognition that can't distinguish
 # i486-pc-linux-gnu fully from i486-pc-gnu.  So we mutate a $host_os