Package: initramfs-tools
Version: 0.145
Severity: important

Hi,

in the past there were security concerns (and security issues raised) around other users writing to each other's terminals. Some of this was worked around in util-linux, cf. CVE-2024-28085. A fuller fix is to disallow unrelated users from writing to each other's terminals by default.

I understand it might be a bit late for this bug report to reach you, but I /thought/ systemd mounts /dev/pts as part of its boot process. systemd has (after taking some time) applied their part of the fix, but it turns out systemd does -not- mount or remount /dev/pts in Debian's default setup. Instead the mount flags from initramfs-tools are used. Theoretically we have TTYPERM in /etc/login.defs, but it appears almost nothing cares about this value.

Please find a patch attached following the change from 0620 to 0600 for initramfs-tools. Please apply this for trixie.

Again, sorry for not sending this earlier; I didn't realise initramfs-tools was involved.

Thanks,
Chris
>From 319cdc98f15d3213f58610141a84b5c67a8a1ebc Mon Sep 17 00:00:00 2001 From: Chris Hofstaedtler <[email protected]> Date: Thu, 6 Mar 2025 22:44:01 +0100 Subject: [PATCH] Tighten /dev/pts permissions Apply a fuller fix for CVE-2024-28085 and remove g+w from pseudo-terminals by default. Signed-off-by: Chris Hofstaedtler <[email protected]> --- init | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/init b/init index 5552c64..1bd9669 100755 --- a/init +++ b/init @@ -42,7 +42,7 @@ mount -t devtmpfs -o nosuid,mode=0755 udev /dev [ ! -h /dev/stderr ] && ln -s /proc/self/fd/2 /dev/stderr mkdir /dev/pts -mount -t devpts -o noexec,nosuid,gid=5,mode=0620 devpts /dev/pts || true +mount -t devpts -o noexec,nosuid,gid=5,mode=0600 devpts /dev/pts || true # Export the dpkg architecture export DPKG_ARCH= -- 2.47.2
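Review bot: the commit message should spell out the user-visible effect of the mode=0620 to mode=0600 change on the devpts mount: with gid=5 still set but the group write bit removed, a pseudo-terminal is writable only by its owner, so anything that relied on group-write access through the devpts gid (terminal-to-terminal messaging between unrelated users, the vector behind CVE-2024-28085) stops working by default, and because nothing later in Debian's boot remounts /dev/pts (per the report), this one line becomes the effective system-wide setting. A minor, pre-existing point on the same line: `|| true` discards a failed devpts mount silently, in which case /dev/pts is left without the tightened mode and without any log line; consider reporting the failure rather than swallowing the status.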

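A check a defender can run to see whether a system is still on the pre-patch devpts default (mode=620, group-writable ptys) or on the tightened one. This is an added example, not part of the bug report or of initramfs-tools; it parses a mounts table in /proc/self/mounts format, and the sample table in the usage below is constructed.

```shell
#!/bin/sh
# Added check (not from the bug report or initramfs-tools): does the devpts
# mount grant group or other write access to pseudo-terminals?
# Input: a mounts table in /proc/self/mounts format; defaults to the live one.

# Print the mode= option of the devpts mount on /dev/pts (e.g. "620"),
# or nothing if no such mount is listed.
devpts_mode() {
    mounts="${1:-/proc/self/mounts}"
    awk '$2 == "/dev/pts" && $3 == "devpts" {
        n = split($4, opts, ",")
        for (i = 1; i <= n; i++)
            if (opts[i] ~ /^mode=/) { sub(/^mode=/, "", opts[i]); print opts[i]; exit }
    }' "$mounts"
}

# Exit status: 0 = only the owner may write (e.g. mode=600, the patched default),
# 1 = group and/or other may write (e.g. mode=620, the old default),
# 2 = no devpts mount on /dev/pts found.
devpts_group_writable() {
    mode=$(devpts_mode "$1")
    [ -n "$mode" ] || return 2
    # Pad so a short mode string still yields a group and an other digit,
    # then keep the last two octal digits (group, other).
    padded="000$mode"
    last2="${padded#"${padded%??}"}"
    group="${last2%?}"
    other="${last2#?}"
    for d in "$group" "$other"; do
        case "$d" in
            2|3|6|7) return 1 ;;   # octal digit with the write bit (2) set
        esac
    done
    return 0
}

# Stand-alone use: report on the running system if a mounts table is readable.
if [ -r /proc/self/mounts ]; then
    rc=0
    devpts_group_writable /proc/self/mounts || rc=$?
    case "$rc" in
        0) echo "devpts mode=$(devpts_mode): owner-only write" ;;
        1) echo "devpts mode=$(devpts_mode): group/other write allowed (pre-patch default)" ;;
        2) echo "no devpts mount on /dev/pts found" ;;
    esac
fi
```

Passing a saved mounts table as the first argument lets the same functions be run against a snapshot taken from another host or an initramfs test boot.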
