Disable legacy (BSD) PTY support

An XCCDF Rule

Details
Profiles
Prose

Description

Disable the Linux traditional BSD-like terminal names /dev/ptyxx for masters and /dev/ttyxx for slaves of pseudo terminals, and use only the modern ptys (devpts) interface. The configuration that was used to build kernel is available at /boot/config-*. To check the configuration value for CONFIG_LEGACY_PTYS, run the following command: grep CONFIG_LEGACY_PTYS /boot/config-* Configs with value 'n' are not explicitly set in the file, so either commented lines or no lines should be returned.

warning alert: Warning

There is no remediation for this besides re-compiling the kernel with the appropriate value for the config.

Rationale

The legacy scheme has a number of security problems.

ID: xccdf_org.ssgproject.content_rule_kernel_config_legacy_ptys
Severity: Medium
References: BP28(R23)
Updated: about 1 year ago