lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Sun, 19 Feb 2017 16:35:12 +0100 From: Florian Weimer <fw@...eb.enyo.de> To: Greg KH <gregkh@...uxfoundation.org> Cc: linux-api@...r.kernel.org, Christian Brauner <christian.brauner@...onical.com>, linux-kernel@...r.kernel.org, jslaby@...e.com Subject: Re: Hard-coding PTY device node numbers in userspace * Greg KH: > On Fri, Feb 17, 2017 at 12:02:52PM +0100, Florian Weimer wrote: >> We want to reject PTY devices from other namespaces as valid input to >> the ttyname and ttyname_r functions, while still providing a hint to >> callers that the device is, in fact, a PTY. Christian Brauner wrote a >> glibc patch for this: >> >> <https://sourceware.org/ml/libc-alpha/2017-01/msg00531.html> >> >> It hard-codes the major PTY device number range. Is this feasible? >> Is it part of the stable userspace ABI for the TTY subsystem? > > What major numbers are you using in the patch '2' and '3'? I think there is just one patch, and the check looks like this: static inline int is_pty (struct stat64 *sb) { int m = major (sb->st_rdev); return (136 <= m && m <= 143); } > And yes, > major numbers are static and you should be fine to rely on them. But > can't you test that the device is a pty to verify it? It's not entirely clear what exactly a PTY descriptor should be for ttyname. Going forward, we only want to treat descriptors for PTY devices which can be accessed using /dev/pts paths in the current namespace as PTYs. Christian's patch adds a separate error code for the case where the descriptor is a PTY, but it comes from a different namespace. I'm concerned that some software out there assumes that if standard input is a PTY according to ttyname, it is safe to chown it. There have been security issues related to that a long time ago on some UNIX systems, and I want us to be conservative here.
Powered by blists - more mailing lists