Date: Tue, 19 Apr 2016 15:42:13 -0500
From: "Serge E. Hallyn" <serge@hallyn.com>
To: "Eric W. Biederman" <ebiederm@xmission.com>
Cc: Linus Torvalds <torvalds@linux-foundation.org>,
        "H. Peter Anvin" <hpa@zytor.com>,
        Andy Lutomirski <luto@amacapital.net>, security@debian.org,
        "security@kernel.org" <security@kernel.org>,
        Al Viro <viro@zeniv.linux.org.uk>,
        "security@ubuntu.com >> security" <security@ubuntu.com>,
        Peter Hurley <peter@hurleysoftware.com>,
        Serge Hallyn <serge.hallyn@ubuntu.com>, Willy Tarreau <w@1wt.eu>,
        Aurelien Jarno <aurelien@aurel32.net>,
        One Thousand Gnomes <gnomes@lxorguk.ukuu.org.uk>,
        Jann Horn <jann@thejh.net>, Greg KH <greg@kroah.com>,
        Linux Kernel Mailing List <linux-kernel@vger.kernel.org>,
        Jiri Slaby <jslaby@suse.com>, Florian Weimer <fw@deneb.enyo.de>
Subject: Re: Does anyone care about a race free ptsname?
Message-ID: <20160419204213.GA32593@mail.hallyn.com>
References: <CA+55aFw62q5bjNiK7Q9dEQQEDZs5fbUxNPxDq376OZJ6JKT=Rg@mail.gmail.com>
 <CALCETrUZ=QVZbTCr3gvhSd2-j_U4R02y5fCxbddG_HsQdnuBkw@mail.gmail.com>
 <CA+55aFzs00iDkYhvFCq=AZMVcNL0+oZT4SeimTeVurJq=5ZS3A@mail.gmail.com>
 <CALCETrUQ_Oad61dYvPpYFxDBT++jhZoAT3e4n4yiu22iTNcxNQ@mail.gmail.com>
 <CALCETrUJ_KuGJoVxuUjWGCNHBNs5Vk8E68MtsWoTdURJ+=iJnQ@mail.gmail.com>
 <CA+55aFzchGpOp0R0RjM6Bsk23GWp1t76fgFi8q6FZQndHq5EtA@mail.gmail.com>
 <570D4781.3070600@zytor.com>
 <877ffyzy1j.fsf_-_@x220.int.ebiederm.org>
 <alpine.LFD.2.20.1604161105040.30857@i7>
 <87inzdmo9z.fsf_-_@x220.int.ebiederm.org>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <87inzdmo9z.fsf_-_@x220.int.ebiederm.org>
User-Agent: Mutt/1.5.21 (2010-09-15)
Sender: linux-kernel-owner@vger.kernel.org
Content-Length: 1654
Lines: 46

Quoting Eric W. Biederman (ebiederm@xmission.com):
> Linus Torvalds <torvalds@linux-foundation.org> writes:
> 
> > What this does is get rid of the horrible notion of having that
> >
> >     struct inode *ptmx_inode
> >
> > be the interface between the pty code and devpts. By de-emphasizing the 
> > ptmx inode, a lot of things actually get cleaner, and we will have a much 
> > saner way forward.
> 
> I will take a look in a minute.   Before I do that I want to mention
> why I care about /dev/pts/ptmx.
> 
> There is a posix function that is widely used called ptsname.  It's
> function is to take a master file descriptor and returns the path to the
> slave.
> 
> All we have in the kernel to support ptsname is an ioctl TIOCGPTN that
> returns the pty number in the appropriate instance of devpts.
> 
> The only way we have today to query which instance of devpts the pty is
> on is through fstat and look st_dev to see if the file is on the correct
> filesystem.  This works when /dev/pts/ptmx is used and fails when
> /dev/ptmx is used.
> 
> Does anyone else care?
> 
> If no one cares I will stop worrying about it and just get on with
> fixing the rest of this mess which there definitely seems to be the will
> to do.

There seem to be quite a few users of ptsname (as found by
codesearch.debian.net).  I'm going to look through those results
a bit more tonight.  One common idiom is

	blah = ptsname(fd);
	slavefd = open(blah, ...);

That's more easily solved with a new helper.

The scariest thing of course is any callers of ptsname which are setuid-root.

short answer: i'm going to do some research to try and answer "who cares".

-serge