| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 19 Apr 2016 13:55:09 -0700 From: "H. Peter Anvin" <hpa@...or.com> To: "Eric W. Biederman" <ebiederm@...ssion.com> Cc: Linus Torvalds <torvalds@...ux-foundation.org>, Andy Lutomirski <luto@...capital.net>, security@...ian.org, "security@...nel.org" <security@...nel.org>, Al Viro <viro@...iv.linux.org.uk>, "security@...ntu.com >> security" <security@...ntu.com>, Peter Hurley <peter@...leysoftware.com>, Serge Hallyn <serge.hallyn@...ntu.com>, Willy Tarreau <w@....eu>, Aurelien Jarno <aurelien@...el32.net>, One Thousand Gnomes <gnomes@...rguk.ukuu.org.uk>, Jann Horn <jann@...jh.net>, Greg KH <greg@...ah.com>, Linux Kernel Mailing List <linux-kernel@...r.kernel.org>, Jiri Slaby <jslaby@...e.com>, Florian Weimer <fw@...eb.enyo.de> Subject: Re: Does anyone care about a race free ptsname? On 04/19/2016 01:32 PM, Eric W. Biederman wrote: > > The challenge came in operations such as granpt. Where you are passed > in a ptmx file descriptor from who knows where, and you pass it on > to applications such as pt_chown which run with elevatated privileged. > > As the information is available of where devpts is mounted in > relationship to /dev/ptmx I have no more concerns about implementing > ptsname. Path pased is also sufficiently backwards compatible it would > not usually be wrong even on existing kernels. > pt_chown is evil. It should have been removed ages ago, and from the very beginning have failed if run on a devpts filesystem. Unfortunately the glibc people didn't do so, and that is a major reason we're in the current mess. That being said, the ioctl(TIOCOPENSLAVE) idea would deal with that. -hpa
Powered by blists - more mailing lists