lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Tue, 5 Jun 2012 12:41:25 +0200
From:	Karel Zak <kzak@...hat.com>
To:	Richard Weinberger <richard@....at>
Cc:	Alan Cox <alan@...rguk.ukuu.org.uk>, jslaby@...e.cz,
	user-mode-linux-devel@...ts.sourceforge.net,
	gregkh@...uxfoundation.org, linux-kernel@...r.kernel.org,
	viro@...iv.linux.org.uk, alan@...ux.intel.com
Subject: Re: um: TTY fixes (?)

On Tue, Jun 05, 2012 at 01:14:41AM +0200, Richard Weinberger wrote:
> Am 04.06.2012 23:17, schrieb Alan Cox:
> >> 	On all other ttys login works but bash dies because of of -EIO.
> >> 	After vhangup() the tty returns -EIO upon read()/write().
> > 
> > You can't re-open the tty because a process is holding on to it, not
> > closing it and not killable. Fedora shouldn't be holding these devices
> > open this way. The behaviour we have of refusing to reopen them why this
> > is the case is both a) what the spec seems to say b) good security.
> 
> Hmm, there seems to be a bug in util-linux's login.
> login-utils/login.c::init_tty() does:
> ...
>        /* Kill processes left on this tty */
>         tcsetattr(0, TCSAFLUSH, &ttt);
> 
>         signal(SIGHUP, SIG_IGN);        /* so vhangup() wont kill us */
>         vhangup();
>         signal(SIGHUP, SIG_DFL);
> 
>         /* open stdin,stdout,stderr to the tty */
>         open_tty(cxt->tty_path);
> 
>         /* restore tty modes */
>         tcsetattr(0, TCSAFLUSH, &tt);
> ...
> 
> By calling vhangup() it kills all other programs on the current tty.
> open_tty() opens the tty again but it's still open because stdin, stdout and stderr
> belongs to it.

 open_tty() closes all the old file descriptors after tty open:

    vhangup();
    ...
	fd = open(tty, O_RDWR | O_NONBLOCK);
    ...

	flags = fcntl(fd, F_GETFL);
	flags &= ~O_NONBLOCK;
	fcntl(fd, F_SETFL, flags);

	for (i = 0; i < fd; i++)
		close(i);
	for (i = 0; i < 3; i++)
		if (fd != i)
			dup2(fd, i);
	if (fd >= 3)
		close(fd);

we use this for pretty long time (17+ years).

> If I add:
>         fclose(stdin);
>         fclose(stdout);
>         fclose(stderr);
> before the call to vhangup() login works like charm. :-)
> 
> Karel, what do you think?

 It's probably no problem to close all the file descriptors before
 vhangup(), but it would be nice to know why we need this change after
 20 years :-)

    Karel

-- 
 Karel Zak  <kzak@...hat.com>
 http://karelzak.blogspot.com
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ