lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <CA+55aFyG476bzW1kBeF0MFRkXZkumaG-SzMexoPLdPFAzDUG6A@mail.gmail.com>
Date:	Tue, 3 Jan 2012 08:16:44 -0800
From:	Linus Torvalds <torvalds@...ux-foundation.org>
To:	Konstantin Khlebnikov <khlebnikov@...nvz.org>
Cc:	Greg Kroah-Hartman <gregkh@...e.de>, Alan Cox <alan@...hat.com>,
	linux-kernel@...r.kernel.org
Subject: Re: [PATCH] tty: cleanup prohibition of direct opening for unix98 pty master

Looks ok as far as I can tell, and does indeed clean things up. I
assume somebody tested the case that we used to have issues with?

                    Linus

On Tue, Jan 3, 2012 at 12:51 AM, Konstantin Khlebnikov
<khlebnikov@...nvz.org> wrote:
> cleanup hack added in v2.6.27-3203-g15582d3
>
> comment from that patch:
>
> : pty: If the administrator creates a device for a ptmx slave we should not error
> :
> : The open path for ptmx slaves is via the ptmx device. Opening them any
> : other way is not allowed. Vegard Nossum found that previously this was not
> : the case and mknod foo c 128 42; cat foo would produce nasty diagnostics
> :
> : Signed-off-by: Alan Cox <alan@...hat.com>
> : Signed-off-by: Linus Torvalds <torvalds@...ux-foundation.org>
>
> devpts_get_tty() returns non-null only for inodes on devpts, but there is no
> inodes for master-devices, /dev/ptmx (/dev/pts/ptmx) is the only way to open them.
> Thus we can completely forbid lookup for master-devices and eliminate that hack in
> tty_init_dev() because tty_open() will get EIO from tty_driver_lookup_tty().
>
> Signed-off-by: Konstantin Khlebnikov <khlebnikov@...nvz.org>
> ---
>  drivers/tty/pty.c    |    8 +++-----
>  drivers/tty/tty_io.c |   12 ++----------
>  include/linux/tty.h  |    3 +--
>  3 files changed, 6 insertions(+), 17 deletions(-)
>
> diff --git a/drivers/tty/pty.c b/drivers/tty/pty.c
> index e18604b..d2bf3c1 100644
> --- a/drivers/tty/pty.c
> +++ b/drivers/tty/pty.c
> @@ -526,10 +526,8 @@ static int pty_unix98_ioctl(struct tty_struct *tty,
>  static struct tty_struct *ptm_unix98_lookup(struct tty_driver *driver,
>                struct inode *ptm_inode, int idx)
>  {
> -       struct tty_struct *tty = devpts_get_tty(ptm_inode, idx);
> -       if (tty)
> -               tty = tty->link;
> -       return tty;
> +       /* Master must be open via /dev/ptmx */
> +       return ERR_PTR(-EIO);
>  }
>
>  /**
> @@ -685,7 +683,7 @@ static int ptmx_open(struct inode *inode, struct file *filp)
>
>        mutex_lock(&tty_mutex);
>        tty_lock();
> -       tty = tty_init_dev(ptm_driver, index, 1);
> +       tty = tty_init_dev(ptm_driver, index);
>        mutex_unlock(&tty_mutex);
>
>        if (IS_ERR(tty)) {
> diff --git a/drivers/tty/tty_io.c b/drivers/tty/tty_io.c
> index 05085be..7cddf91 100644
> --- a/drivers/tty/tty_io.c
> +++ b/drivers/tty/tty_io.c
> @@ -1366,7 +1366,6 @@ static int tty_reopen(struct tty_struct *tty)
>  *     @driver: tty driver we are opening a device on
>  *     @idx: device index
>  *     @ret_tty: returned tty structure
> - *     @first_ok: ok to open a new device (used by ptmx)
>  *
>  *     Prepare a tty device. This may not be a "new" clean device but
>  *     could also be an active device. The pty drivers require special
> @@ -1386,18 +1385,11 @@ static int tty_reopen(struct tty_struct *tty)
>  * relaxed for the (most common) case of reopening a tty.
>  */
>
> -struct tty_struct *tty_init_dev(struct tty_driver *driver, int idx,
> -                                                               int first_ok)
> +struct tty_struct *tty_init_dev(struct tty_driver *driver, int idx)
>  {
>        struct tty_struct *tty;
>        int retval;
>
> -       /* Check if pty master is being opened multiple times */
> -       if (driver->subtype == PTY_TYPE_MASTER &&
> -               (driver->flags & TTY_DRIVER_DEVPTS_MEM) && !first_ok) {
> -               return ERR_PTR(-EIO);
> -       }
> -
>        /*
>         * First time open is complex, especially for PTY devices.
>         * This code guarantees that either everything succeeds and the
> @@ -1909,7 +1901,7 @@ got_driver:
>                if (retval)
>                        tty = ERR_PTR(retval);
>        } else
> -               tty = tty_init_dev(driver, index, 0);
> +               tty = tty_init_dev(driver, index);
>
>        mutex_unlock(&tty_mutex);
>        tty_driver_kref_put(driver);
> diff --git a/include/linux/tty.h b/include/linux/tty.h
> index 5dbb3cb..d3ebd76 100644
> --- a/include/linux/tty.h
> +++ b/include/linux/tty.h
> @@ -480,8 +480,7 @@ extern void free_tty_struct(struct tty_struct *tty);
>  extern void initialize_tty_struct(struct tty_struct *tty,
>                struct tty_driver *driver, int idx);
>  extern void deinitialize_tty_struct(struct tty_struct *tty);
> -extern struct tty_struct *tty_init_dev(struct tty_driver *driver, int idx,
> -                                                               int first_ok);
> +extern struct tty_struct *tty_init_dev(struct tty_driver *driver, int idx);
>  extern int tty_release(struct inode *inode, struct file *filp);
>  extern int tty_init_termios(struct tty_struct *tty);
>
>
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ