Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1751638AbdHPEnl (ORCPT ); Wed, 16 Aug 2017 00:43:41 -0400 Received: from mx2.suse.de ([195.135.220.15]:54737 "EHLO mx1.suse.de" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S1750827AbdHPEnj (ORCPT ); Wed, 16 Aug 2017 00:43:39 -0400 Subject: Re: [PATCH] ioctl_tty.2: add TIOCGPTPEER documentation To: "Michael Kerrisk (man-pages)" Cc: linux-man@vger.kernel.org, linux-kernel@vger.kernel.org, Greg Kroah-Hartman , Christian Brauner , Valentin Rothberg , Jiri Slaby , containers@lists.linux-foundation.org References: <20170609170147.32311-1-asarai@suse.de> <11706e49-8271-ed8c-3747-19b3e8f2850d@gmail.com> From: Aleksa Sarai Message-ID: Date: Wed, 16 Aug 2017 14:43:29 +1000 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.2.1 MIME-Version: 1.0 In-Reply-To: <11706e49-8271-ed8c-3747-19b3e8f2850d@gmail.com> Content-Type: text/plain; charset=utf-8; format=flowed Content-Language: en-US Content-Transfer-Encoding: 8bit Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 1494 Lines: 35 > I've applied this patch, and then tweaked the wording a little. Could > you please check the following text: > > TIOCGPTPEER int flags > (since Linux 4.13) Given a file descriptor in fd that > refers to a pseudoterminal master, open (with the given > open(2)-style flags) and return a new file descriptor that > refers to the peer pseudoterminal slave device. This oper‐ > ation can be performed regardless of whether the pathname > of the slave device is accessible through the calling > process's mount namespaces. > > Security-conscious programs interacting with namespaces may > wish to use this operation rather than open(2) with the > pathname returned by ptsname(3), and similar library func‐ > tions that have insecure APIs. Yup, that sounds good. > I also have a question on the last sentence: what are the "similar library > functions that have insecure APIs"? It's not clear to me what you are > referring to here. There are a few posix_-style functions provided by glibc that are just wrappers around the open+ptsname combo that I mention earlier in the sentence (and thus are vulnerable to the same issue). But if you feel it's confusing you can feel free to drop it. Thanks. -- Aleksa Sarai Software Engineer (Containers) SUSE Linux GmbH https://www.cyphar.com/