Subject: Re: Does anyone care about a race free ptsname?
To: "Eric W. Biederman"
Cc: Linus Torvalds , Andy Lutomirski , security@debian.org, "security@kernel.org" , Al Viro , "security@ubuntu.com >> security" , Peter Hurley , Serge Hallyn , Willy Tarreau , Aurelien Jarno , One Thousand Gnomes , Jann Horn , Greg KH , Linux Kernel Mailing List , Jiri Slaby , Florian Weimer
From: "H. Peter Anvin"
Message-ID: <57169B2D.6030606@zytor.com>
Date: Tue, 19 Apr 2016 13:55:09 -0700
In-Reply-To: <877fftiblc.fsf@x220.int.ebiederm.org>

On 04/19/2016 01:32 PM, Eric W. Biederman wrote:
>
> The challenge came in operations such as grantpt, where you are passed
> in a ptmx file descriptor from who knows where, and you pass it on
> to applications such as pt_chown which run with elevated privileges.
>
> As the information is available of where devpts is mounted in
> relationship to /dev/ptmx I have no more concerns about implementing
> ptsname. Path passed is also sufficiently backwards compatible it would
> not usually be wrong even on existing kernels.
>

pt_chown is evil. It should have been removed ages ago, and from the very beginning have failed if run on a devpts filesystem. Unfortunately the glibc people didn't do so, and that is a major reason we're in the current mess.

That being said, the ioctl(TIOCOPENSLAVE) idea would deal with that.

-hpa
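
Added example, not part of this message or of any patch in the thread: opening the slave side from the master descriptor itself instead of from a pathname, which is the property the ioctl idea above is after. It assumes Linux's `TIOCGPTPEER` ioctl (the `TIOCOPENSLAVE` name in the message was a proposal) and slave major 136; `is_pts_node`, `open_peer` and `PTS_SLAVE_MAJOR` are hypothetical names.

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <sys/ioctl.h>
#include <sys/stat.h>
#include <sys/sysmacros.h>
#include <unistd.h>

#ifndef TIOCGPTPEER                 /* userspace headers older than Linux 4.13 */
#define TIOCGPTPEER _IO('T', 0x41)
#endif
#define PTS_SLAVE_MAJOR 136         /* assumption: kernel's UNIX98_PTY_SLAVE_MAJOR */

/* Sanity check: is st the character device for pty number ptn?  This cannot
 * tell two devpts instances apart, since both hand out 136:N. */
static int is_pts_node(const struct stat *st, unsigned int ptn)
{
    return S_ISCHR(st->st_mode) &&
           major(st->st_rdev) == PTS_SLAVE_MAJOR &&
           minor(st->st_rdev) == ptn;
}

/* Open the peer of an unlocked pty master without resolving any pathname,
 * so the result does not depend on what is mounted at /dev/pts.
 * Returns the new descriptor, or -1 if master is not a usable pty master. */
static int open_peer(int master)
{
    unsigned int ptn;
    struct stat st;
    int peer;
    if (ioctl(master, TIOCGPTN, &ptn) < 0)   /* ENOTTY for non-pty descriptors */
        return -1;
    peer = ioctl(master, TIOCGPTPEER, O_RDWR | O_NOCTTY);
    if (peer < 0)
        return -1;
    if (fstat(peer, &st) < 0 || !is_pts_node(&st, ptn)) {
        close(peer);
        return -1;
    }
    return peer;
}

int main(void)
{
    int unlock = 0, master = open("/dev/ptmx", O_RDWR | O_NOCTTY);
    if (master < 0 || ioctl(master, TIOCSPTLCK, &unlock) < 0)
        return 1;
    return open_peer(master) >= 0 ? 0 : 1;
}
```

A privileged helper that receives a descriptor "from who knows where" gets `-1` here for anything that is not a pty master, and never has to trust a path derived from it.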