Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1751754AbdFIRCE (ORCPT <rfc822;w@1wt.eu>);
        Fri, 9 Jun 2017 13:02:04 -0400
Received: from mx2.suse.de ([195.135.220.15]:50988 "EHLO mx1.suse.de"
        rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP
        id S1751641AbdFIRCC (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
        Fri, 9 Jun 2017 13:02:02 -0400
From: Aleksa Sarai <asarai@suse.de>
To: mtk.manpages@gmail.com
Cc: linux-man@vger.kernel.org, linux-kernel@vger.kernel.org,
        Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
        Christian Brauner <christian.brauner@ubuntu.com>,
        Valentin Rothberg <vrothberg@suse.com>, Jiri Slaby <jslaby@suse.com>,
        Aleksa Sarai <asarai@suse.de>, containers@lists.linux-foundation.org
Subject: [PATCH] ioctl_tty.2: add TIOCGPTPEER documentation
Date: Sat, 10 Jun 2017 03:01:47 +1000
Message-Id: <20170609170147.32311-1-asarai@suse.de>
X-Mailer: git-send-email 2.13.1
Sender: linux-kernel-owner@vger.kernel.org
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org
Content-Length: 1800
Lines: 51

The feature this patch references has currently only been accepted into
tty-testing, but Greg told me to kick this down to man-pages. As a
result, I can't reference upstream commit id's because the code isn't in
Linus' tree yet -- should I resend this once it lands in tty-next or
Linus' tree?

Also obviously the release version is a bit of a lie.

8<-----------------------------------------------------------------------

This is an ioctl(2) recently added by myself, to allow for container
runtimes and other programs that interact with (potentially hostile)
Linux namespaces to safely create {master,slave} pseudoterminal pairs
without needing to open potentially unsafe /dev/pts/... filenames that
may be malicious mountpoints or similar in an untrusted namespace
(avoiding the endless issues with ptsname(3) and similar approaches).

Cc: <containers@lists.linux-foundation.org>
Signed-off-by: Aleksa Sarai <asarai@suse.de>
---
 man2/ioctl_tty.2 | 15 +++++++++++++++
 1 file changed, 15 insertions(+)

diff --git a/man2/ioctl_tty.2 b/man2/ioctl_tty.2
index d280beacf..61e147d99 100644
--- a/man2/ioctl_tty.2
+++ b/man2/ioctl_tty.2
@@ -380,6 +380,21 @@ Place the current lock state of the pseudoterminal slave device
 in the location pointed to by
 .IR argp
 (since Linux 3.8).
+.TP
+.BI "TIOCGPTPEER	int " flags
+Opens and returns a new file handle to the pseudoterminal slave
+device with the given
+.BR open (2)-style
+.IR flags ,
+regardless of whether the path is accessible through the calling process's
+mount namespaces.
+
+Security-conscious programs interacting with namespaces may wish to use this
+over
+.BR open (2)
+with the path provided by
+.BR ptsname (3),
+and similar library methods that have insecure APIs (since Linux 4.13).
 .PP
 The BSD ioctls
 .BR TIOCSTOP ,
-- 
2.13.1