lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20080803130439.743ff0ae@lxorguk.ukuu.org.uk>
Date:	Sun, 3 Aug 2008 13:04:39 +0100
From:	Alan Cox <alan@...rguk.ukuu.org.uk>
To:	sukadev@...ibm.com
Cc:	"H. Peter Anvin" <hpa@...or.com>,
	"Eric W. Biederman" <ebiederm@...ssion.com>,
	Andrew Morton <akpm@...l.org>, serue@...ibm.com,
	matthltc@...ibm.com, Pavel Emelyanov <xemul@...nvz.org>,
	Containers <containers@...ts.osdl.org>,
	linux-kernel@...r.kernel.org, Greg KH <greg@...ah.com>,
	sukadev@...ibm.com
Subject: Re: Per-instance devpts

> > 1. /dev/ptmx would have to change to a symlink, ptmx -> pts/ptmx.
> 
> IIRC, /dev/tty also needs a similar symlink.

Making them symlinks is asking for trouble because some code does go
around using stat and the like and tools like MAKEDEV have definite ideas.

For /dev/tty the definition is precisely that it is your controlling
tty. No reference to namespace and a task whose controlling tty is in a
different namespace should still open the controlling tty not some
parallel in another universe when you open /dev/tty.

If you want to make sure the controlling tty is in the right namespace
that can be done in userspace when transferring control into a namespace.
In many cases I doubt that is even what is wanted.

> > 2. Permissions on /dev/ptmx would not be persistent, and would have to
> >    be set via devpts mount options (unless they're 0666 root.tty, which
> >    would presumably be the default.)
> > 3. The /proc/sys/kernel/pty limit would be global; a per-filesystem
> >    limit could be added on top or instead (presumably via a filesystem
> >    mount options.)
> >
> > I worry #1 would have substantial user-space impact, but I don't see a way 
> > around it, since there would be no obvious way to associate /dev/ptmx with 
> > a filesystem.

/dev/tty and /dev/ptmx already primarily operate by identifying a device
and switching the work to that. Actually putting a bit of namespace logic
in the driver code so the actual files stay as expected (device nodes
etc) seems a *lot* simpler than trying to do symlink hacks.

Alan
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ