Re: ptys and Unix98

H. Peter Anvin (hpa@transmeta.com)
15 Jan 1998 18:12:44 GMT

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: David Woodhouse: "Re: Modular sound and kerneld"
Previous message: Geis Jerry: "offtopic: timeconfig on Redhat 5.0"
Maybe in reply to: C. Scott Ananian: "ptys and Unix98"

Followup to: <Pine.SUN.3.96.980115042226.3445A-100000@amsterdam.lcs.mit.edu>
By author: "C. Scott Ananian" <cananian@lcs.mit.edu>
In newsgroup: linux.dev.kernel
>
> I propose an ioctl to toggle the permissions on a given (open) pty.
> One mode would allow anyone permitted by the on-disk file permissions to
> open the pty, the other would restrict access as specified by grantpt().
> The default setting on pty open could be user-configurable. Unix98
> requires an unlockpt() function call to explicitly unlock the pty before
> open, so a 'lock permissions on open' configuration would work for all
> glibc applications (once the support makes it into glibc, of course), and
> provide extra security for old-style applications. [Unix98 semantics seem
> to be that the state of a pty is uncertain until unlockpt() or grantpt()
> is called, so either default would be compliant].
>
> Do people want to see this functionality in the kernel?
> --Scott
>
> [Note that this is a completely separate issue/patch from my previous
> work providing support for the /dev/ptmx device and ptsname(). Strictly
> speaking, Unix98 compatibility requires ptsname support, but does not
> require the permissions hack we are currently discussing -- as mentioned
> above, grantpt() can be implemented via fork() and exec(), and unlockpt()
> can be a no-op.]
> @ @

I'm concerned about separating this functionality because it opens up
additional potential security holes. If you create the device nodes,
set the ownership, and the modes, all at one time, you know what
you're dealing with and if you do it from kernel space you can
trivially guarantee that nothing else is getting in between.

Hence my suggestion that opening /dev/ptmx should create the
appropriate /dev/pts/* device node in place with the right owner and
permssions. The grantpt() call would then be a noop, as far as I
understand.

-hpa

-- 
    PGP: 2047/2A960705 BA 03 D3 2C 14 A8 A8 BD  1E DF FE 69 EE 35 BD 74
    See http://www.zytor.com/~hpa/ for web page and full PGP public key
        I am Bahá'í -- ask me about it or see http://www.bahai.org/
   "To love another person is to see the face of God." -- Les Misérables

Next message: David Woodhouse: "Re: Modular sound and kerneld"
Previous message: Geis Jerry: "offtopic: timeconfig on Redhat 5.0"
Maybe in reply to: C. Scott Ananian: "ptys and Unix98"