lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <54BC2F0A.8040404@symas.com>
Date:	Sun, 18 Jan 2015 22:09:14 +0000
From:	Howard Chu <hyc@...as.com>
To:	Peter Hurley <peter@...leysoftware.com>,
	Greg Kroah-Hartman <gregkh@...uxfoundation.org>
CC:	One Thousand Gnomes <gnomes@...rguk.ukuu.org.uk>,
	Jiri Slaby <jslaby@...e.cz>, linux-kernel@...r.kernel.org,
	linux-serial@...r.kernel.org
Subject: Re: [PATCH] n_tty: Remove LINEMODE support

Peter Hurley wrote:
> Commit 26df6d13406d1 ("tty: Add EXTPROC support for LINEMODE") added
> the undocumented EXTPROC input processing mode, which ignores the ICANON
> setting and forces pty slave input to be processed in non-canonical
> mode.
>
> Although intended to provide a transparent mechanism for local line
> edit with telnetd (and other remote shell protocols), the transparency
> is limited.
>
> Userspace usage is abandoned; telnetd does not even compile with
> LINEMODE support. readline/bash and sshd never supported this.

I object to this. Code for all of the above exists and works. I use this 
code daily.

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=585527
http://lists.gnu.org/archive/html/bug-readline/2011-01/msg00004.html
https://github.com/hyc/OpenSSH-LINEMODE

The lack of LINEMODE support in upstream sshd can only be considered a 
security hole.

http://www.metzdowd.com/pipermail/cryptography/2015-January/024288.html

>
> Cc: Howard Chu <hyc@...as.com>
> Signed-off-by: Peter Hurley <peter@...leysoftware.com>
> ---
>   drivers/tty/n_tty.c | 22 ++++++----------------
>   drivers/tty/pty.c   | 24 +-----------------------
>   2 files changed, 7 insertions(+), 39 deletions(-)
>
> diff --git a/drivers/tty/n_tty.c b/drivers/tty/n_tty.c
> index eb9f114..5120d2b 100644
> --- a/drivers/tty/n_tty.c
> +++ b/drivers/tty/n_tty.c
> @@ -1562,10 +1562,6 @@ n_tty_receive_buf_standard(struct tty_struct *tty, const unsigned char *cp,
>   				c &= 0x7f;
>   			if (I_IUCLC(tty) && L_IEXTEN(tty))
>   				c = tolower(c);
> -			if (L_EXTPROC(tty)) {
> -				put_tty_queue(c, ldata);
> -				continue;
> -			}
>   			if (!test_bit(c, ldata->char_map))
>   				n_tty_receive_char_inline(tty, c);
>   			else if (n_tty_receive_char_special(tty, c) && count) {
> @@ -1613,9 +1609,9 @@ static void __receive_buf(struct tty_struct *tty, const unsigned char *cp,
>
>   	if (ldata->real_raw)
>   		n_tty_receive_buf_real_raw(tty, cp, fp, count);
> -	else if (ldata->raw || (L_EXTPROC(tty) && !preops))
> +	else if (ldata->raw)
>   		n_tty_receive_buf_raw(tty, cp, fp, count);
> -	else if (tty->closing && !L_EXTPROC(tty))
> +	else if (tty->closing)
>   		n_tty_receive_buf_closing(tty, cp, fp, count);
>   	else {
>   		if (ldata->lnext) {
> @@ -1637,13 +1633,13 @@ static void __receive_buf(struct tty_struct *tty, const unsigned char *cp,
>   			tty->ops->flush_chars(tty);
>   	}
>
> -	if (ldata->icanon && !L_EXTPROC(tty))
> +	if (ldata->icanon)
>   		return;
>
>   	/* publish read_head to consumer */
>   	smp_store_release(&ldata->commit_head, ldata->read_head);
>
> -	if ((read_cnt(ldata) >= ldata->minimum_to_wake) || L_EXTPROC(tty)) {
> +	if (read_cnt(ldata) >= ldata->minimum_to_wake) {
>   		kill_fasync(&tty->fasync, SIGIO, POLL_IN);
>   		if (waitqueue_active(&tty->read_wait))
>   			wake_up_interruptible_poll(&tty->read_wait, POLLIN);
> @@ -1939,7 +1935,7 @@ static inline int input_available_p(struct tty_struct *tty, int poll)
>   	struct n_tty_data *ldata = tty->disc_data;
>   	int amt = poll && !TIME_CHAR(tty) && MIN_CHAR(tty) ? MIN_CHAR(tty) : 1;
>
> -	if (ldata->icanon && !L_EXTPROC(tty))
> +	if (ldata->icanon)
>   		return ldata->canon_head != ldata->read_tail;
>   	else
>   		return ldata->commit_head - ldata->read_tail >= amt;
> @@ -1973,7 +1969,6 @@ static int copy_from_read_buf(struct tty_struct *tty,
>   	struct n_tty_data *ldata = tty->disc_data;
>   	int retval;
>   	size_t n;
> -	bool is_eof;
>   	size_t head = smp_load_acquire(&ldata->commit_head);
>   	size_t tail = ldata->read_tail & (N_TTY_BUF_SIZE - 1);
>
> @@ -1983,14 +1978,9 @@ static int copy_from_read_buf(struct tty_struct *tty,
>   	if (n) {
>   		retval = copy_to_user(*b, read_buf_addr(ldata, tail), n);
>   		n -= retval;
> -		is_eof = n == 1 && read_buf(ldata, tail) == EOF_CHAR(tty);
>   		tty_audit_add_data(tty, read_buf_addr(ldata, tail), n,
>   				ldata->icanon);
>   		smp_store_release(&ldata->read_tail, ldata->read_tail + n);
> -		/* Turn single EOF into zero-length read */
> -		if (L_EXTPROC(tty) && ldata->icanon && is_eof &&
> -		    (head == ldata->read_tail))
> -			n = 0;
>   		*b += n;
>   		*nr -= n;
>   	}
> @@ -2257,7 +2247,7 @@ static ssize_t n_tty_read(struct tty_struct *tty, struct file *file,
>   			continue;
>   		}
>
> -		if (ldata->icanon && !L_EXTPROC(tty)) {
> +		if (ldata->icanon) {
>   			retval = canon_copy_from_read_buf(tty, &b, &nr);
>   			if (retval == -EAGAIN) {
>   				retval = 0;
> diff --git a/drivers/tty/pty.c b/drivers/tty/pty.c
> index ee06b77..01ac182 100644
> --- a/drivers/tty/pty.c
> +++ b/drivers/tty/pty.c
> @@ -192,20 +192,6 @@ static int pty_get_pktmode(struct tty_struct *tty, int __user *arg)
>   	return put_user(pktmode, arg);
>   }
>
> -/* Send a signal to the slave */
> -static int pty_signal(struct tty_struct *tty, int sig)
> -{
> -	struct pid *pgrp;
> -
> -	if (tty->link) {
> -		pgrp = tty_get_pgrp(tty->link);
> -		if (pgrp)
> -			kill_pgrp(pgrp, sig, 1);
> -		put_pid(pgrp);
> -	}
> -	return 0;
> -}
> -
>   static void pty_flush_buffer(struct tty_struct *tty)
>   {
>   	struct tty_struct *to = tty->link;
> @@ -254,15 +240,13 @@ static void pty_set_termios(struct tty_struct *tty,
>   {
>   	/* See if packet mode change of state. */
>   	if (tty->link && tty->link->packet) {
> -		int extproc = (old_termios->c_lflag & EXTPROC) |
> -				(tty->termios.c_lflag & EXTPROC);
>   		int old_flow = ((old_termios->c_iflag & IXON) &&
>   				(old_termios->c_cc[VSTOP] == '\023') &&
>   				(old_termios->c_cc[VSTART] == '\021'));
>   		int new_flow = (I_IXON(tty) &&
>   				STOP_CHAR(tty) == '\023' &&
>   				START_CHAR(tty) == '\021');
> -		if ((old_flow != new_flow) || extproc) {
> +		if (old_flow != new_flow) {
>   			spin_lock_irq(&tty->ctrl_lock);
>   			if (old_flow != new_flow) {
>   				tty->ctrl_status &= ~(TIOCPKT_DOSTOP | TIOCPKT_NOSTOP);
> @@ -271,8 +255,6 @@ static void pty_set_termios(struct tty_struct *tty,
>   				else
>   					tty->ctrl_status |= TIOCPKT_NOSTOP;
>   			}
> -			if (extproc)
> -				tty->ctrl_status |= TIOCPKT_IOCTL;
>   			spin_unlock_irq(&tty->ctrl_lock);
>   			wake_up_interruptible(&tty->link->read_wait);
>   		}
> @@ -482,8 +464,6 @@ static int pty_bsd_ioctl(struct tty_struct *tty,
>   		return pty_set_pktmode(tty, (int __user *)arg);
>   	case TIOCGPKT: /* Get PT packet mode */
>   		return pty_get_pktmode(tty, (int __user *)arg);
> -	case TIOCSIG:    /* Send signal to other side of pty */
> -		return pty_signal(tty, (int) arg);
>   	case TIOCGPTN: /* TTY returns ENOTTY, but glibc expects EINVAL here */
>   		return -EINVAL;
>   	}
> @@ -607,8 +587,6 @@ static int pty_unix98_ioctl(struct tty_struct *tty,
>   		return pty_get_pktmode(tty, (int __user *)arg);
>   	case TIOCGPTN: /* Get PT Number */
>   		return put_user(tty->index, (unsigned int __user *)arg);
> -	case TIOCSIG:    /* Send signal to other side of pty */
> -		return pty_signal(tty, (int) arg);
>   	}
>
>   	return -ENOIOCTLCMD;
>


-- 
   -- Howard Chu
   CTO, Symas Corp.           http://www.symas.com
   Director, Highland Sun     http://highlandsun.com/hyc/
   Chief Architect, OpenLDAP  http://www.openldap.org/project/
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ