Red Hat Bugzilla – Bug 9537
/usr/libexec/pt_chown is setuid to root
Last modified: 2016-11-24 09:54:25 EST
Well, I know that some people have complained about pt_chown not being
setuid to root in RH 6.1, but I'd like to recommend that it still be
non-setuid in RH 6.2.
Here are my reasons:
- you don't need pt_chown setuid if you use devpts
- everyone should be using devpts if they have a standard RH 6.2 setup
- as such, leaving pt_chown setuid to root is a bad idea if the vast
majority of people will never use it. Everyone has to install glibc, so
there will be an unnecessary setuid program on every RH system out there.
- if you take the setuid bit off it now, you won't have to worry about
having to audit it ever again. Even if some future release of glibc
accidentally breaks it, or if something else causes it to be unsafe, with
the setuid bit removed it can't hurt anyone.
assign to jakub
RHL9 does not have pt_chown with the SUID/SGID bit set.