lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Sat, 09 Apr 2016 17:06:52 -0700 From: "H. Peter Anvin" <hpa@...or.com> To: Linus Torvalds <torvalds@...ux-foundation.org> CC: "Eric W. Biederman" <ebiederm@...ssion.com>, One Thousand Gnomes <gnomes@...rguk.ukuu.org.uk>, Peter Hurley <peter@...leysoftware.com>, Greg KH <greg@...ah.com>, Jiri Slaby <jslaby@...e.com>, Aurelien Jarno <aurelien@...el32.net>, Andy Lutomirski <luto@...capital.net>, Florian Weimer <fw@...eb.enyo.de>, Al Viro <viro@...iv.linux.org.uk>, Serge Hallyn <serge.hallyn@...ntu.com>, Jann Horn <jann@...jh.net>, "security@...nel.org" <security@...nel.org>, "security@...ntu.com >> security" <security@...ntu.com>, security@...ian.org, Willy Tarreau <w@....eu>, Linux Kernel Mailing List <linux-kernel@...r.kernel.org> Subject: Re: [PATCH 01/13] devpts: Teach /dev/ptmx to find the associated devpts via path lookup On April 9, 2016 5:01:27 PM PDT, Linus Torvalds <torvalds@...ux-foundation.org> wrote: >On Sat, Apr 9, 2016 at 3:37 PM, H. Peter Anvin <hpa@...or.com> wrote: >> >> On the flipside, if we were to allow ourselves to break userspace, at >this point I would suggest making /dev/pts/ptmx have a different device >number and make the legacy /dev/ptmx print a warning message, after >which it can at least eventually be deleted. > >You don't need a different device number. > >The /dev/pts/ptmx file may look like it's the same node as /dev/ptmx, >but it is trivial to recognize as the pts one: > > if (dentry->d_sb->s_magic == DEVPTS_SUPER_MAGIC) > >and you're done. > >But nobody actually uses /dev/pts/ptmx, because it has never had sane >permissions. > >So the fact is, /dev/ptmx is what people use, and we're not breaking >userspace. > >But when we fix bad semantics (and always just looking up the initial >pts mount really is crazy semantics) that doesn't mean that we have to >bend over backwards to not make the changed semantics visible. We >don't _break_ user space, but we also don't care about some random >test-program that checks for particular semantics. > >And I can pretty much _guarantee_ that nobody has ever done the "let's >bind-mount a 'ptmx' node in a /dev directory, and then expect that to >bind to some _other_ pts thing than the one in /dev/pts/". > >Except as a test-program, or possibly as a "why the f*ck doesn't this >work? Oh, I need to use the single-instance thing because the >multi-instance pts thing is broken. Damn shitty implementation". > > Linus Fixing the default permissions is trivial, of course. The intent from the beginning was to make a ptmx -> pts/ptmx, but user space never did... -- Sent from my Android device with K-9 Mail. Please excuse brevity and formatting.
Powered by blists - more mailing lists