| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 05 Jun 2012 01:14:41 +0200
From: Richard Weinberger <richard@....at>
To: Alan Cox <alan@...rguk.ukuu.org.uk>
CC: jslaby@...e.cz, user-mode-linux-devel@...ts.sourceforge.net,
gregkh@...uxfoundation.org, linux-kernel@...r.kernel.org,
viro@...iv.linux.org.uk, alan@...ux.intel.com, kzak@...hat.com
Subject: Re: um: TTY fixes (?)
Am 04.06.2012 23:17, schrieb Alan Cox:
>> On all other ttys login works but bash dies because of of -EIO.
>> After vhangup() the tty returns -EIO upon read()/write().
>
> You can't re-open the tty because a process is holding on to it, not
> closing it and not killable. Fedora shouldn't be holding these devices
> open this way. The behaviour we have of refusing to reopen them why this
> is the case is both a) what the spec seems to say b) good security.
Hmm, there seems to be a bug in util-linux's login.
login-utils/login.c::init_tty() does:
...
/* Kill processes left on this tty */
tcsetattr(0, TCSAFLUSH, &ttt);
signal(SIGHUP, SIG_IGN); /* so vhangup() wont kill us */
vhangup();
signal(SIGHUP, SIG_DFL);
/* open stdin,stdout,stderr to the tty */
open_tty(cxt->tty_path);
/* restore tty modes */
tcsetattr(0, TCSAFLUSH, &tt);
...
By calling vhangup() it kills all other programs on the current tty.
open_tty() opens the tty again but it's still open because stdin, stdout and stderr
belongs to it.
If I add:
fclose(stdin);
fclose(stdout);
fclose(stderr);
before the call to vhangup() login works like charm. :-)
Karel, what do you think?
Thanks,
//richard
Download attachment "signature.asc" of type "application/pgp-signature" (491 bytes)
Powered by blists - more mailing lists