| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sat, 09 Apr 2016 15:37:55 -0700 From: "H. Peter Anvin" <hpa@...or.com> To: ebiederm@...ssion.com CC: One Thousand Gnomes <gnomes@...rguk.ukuu.org.uk>, Linus Torvalds <torvalds@...ux-foundation.org>, Peter Hurley <peter@...leysoftware.com>, Greg KH <greg@...ah.com>, Jiri Slaby <jslaby@...e.com>, Aurelien Jarno <aurelien@...el32.net>, Andy Lutomirski <luto@...capital.net>, Florian Weimer <fw@...eb.enyo.de>, Al Viro <viro@...iv.linux.org.uk>, Serge Hallyn <serge.hallyn@...ntu.com>, Jann Horn <jann@...jh.net>, "security@...nel.org" <security@...nel.org>, "security@...ntu.com >> security" <security@...ntu.com>, security@...ian.org, Willy Tarreau <w@....eu>, Linux Kernel Mailing List <linux-kernel@...r.kernel.org> Subject: Re: [PATCH 01/13] devpts: Teach /dev/ptmx to find the associated devpts via path lookup On April 9, 2016 7:45:46 AM PDT, ebiederm@...ssion.com wrote: >"H. Peter Anvin" <hpa@...or.com> writes: > >> On April 9, 2016 6:09:09 AM PDT, One Thousand Gnomes ><gnomes@...rguk.ukuu.org.uk> wrote: >>> >>>> If anyone has a better idea on how userspace should connect the >>>master >>>> pty file descriptor the slave file descriptor, I would be willing >to >>>> implement that instead. >>> >>>If we are willing to go away from the existing mess of a tty >interface >>>inflicted on us by BSD and then mashed up by POSIX then a syscall of >>> >>> int err = ptypair(int fd[2], int perms, int flags); >>> >>>[where flags is the O_ ones we usually need to cover (CLOEXEC etc) >and >>>maybe even some kind of "private" flag to say don't even expose it >via >>>devpts). >>> >>>would do remarkably sane things to the majoirty of use cases as it >>>breaks >>>the dependence on grantpt and also the historic screwup that pty >pairs >>>aren't allocated atomically with both file handles returned as pipe() >>>does. >>> >>>Alan >> >> We don't even need to do that if we'd be willing to change the user >> space interface... if we could rely on the POSIX interface then >> posix_openpt() could simply open /dev/pts/ptmx and everything would >> just work. > >At a quick skim it does look like userspace uses posix_openpt for the >most part. Certainly portable apps that can run on FreeBSD do. >And just grepping through binaries all of the ones I have checked so >far >are calling posix_openpt. > >Peter if you or someone could start updating the userspace version of >posix_openpt to use /dev/pts/ptmx when available over /dev/ptmx in >parallel to the kernel work to always allow mount of devpts to give >distinct instances that would be great. > >> The trick here is how to make it work in the presence of some >> extremely bad practices in existing userspace. > >Yeah. I am going to look and see if I can move this controversial bit >to a separate patch so we can discuss it more conviniently. > >Eric On the flipside, if we were to allow ourselves to break userspace, at this point I would suggest making /dev/pts/ptmx have a different device number and make the legacy /dev/ptmx print a warning message, after which it can at least eventually be deleted. This might not be a bad idea anyway. -- Sent from my Android device with K-9 Mail. Please excuse brevity and formatting.
Powered by blists - more mailing lists