[1204] in linux-security and linux-alert archive


[linux-security] tty chowning

daemon@ATHENA.MIT.EDU (David Holland)
Sat Oct 12 07:40:39 1996

From: David Holland <dholland@eecs.harvard.edu>
To: linux-security@tarsier.cv.nrao.edu
Date: Thu, 10 Oct 1996 01:22:19 -0400 (EDT)
Cc: dholland@burgundy.eecs.harvard.edu (David Holland)

About a month ago I mentioned a way to handle tty chowning without
being root. Unfortunately, it had some problems.

Here's another shot:

Make an ioctl on the pty end that does the chowning. 

	ioctl(pty_fd, TIOCCHOWN, path)

In order to be able to find the tty end, you pass in the path to the
tty end. The ioctl confirms that the path points to a device inode
that's the tty end of the pty in question (otherwise returns EPERM),
and then does

	chmod(path, 0600)
	chown(path, getuid(), ?);
	revoke(path)

Linux needs a revoke, but that's another problem entirely.

I'm not sure what to do with the gid - maybe assume they'll all be
initialized to group tty and not change it? Maybe have the gid to use
be passed into the ioctl? Suggestions?

The code to open a pty would then look something like this:

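	while (1) {
	  /* placeholder for whatever walks the list of pty names */
	  char *path = mumble_get_next_pty_name();
	  if (!path) break;
	  int ptyfd = open(path, O_RDWR);
	  if (ptyfd<0) continue;
	  path[5] = 't';	/* turn the pty name into the matching tty name */
	  /* don't leak the pty descriptor when the ioctl refuses */
	  if (ioctl(ptyfd, TIOCCHOWN, path)<0) { close(ptyfd); continue; }

	  int ttyfd = open(path, O_RDWR);
	  if (ttyfd<0) { close(ptyfd); continue; }

	  do_something_with_ptyfd_such_as_fork(ptyfd);

	  return ttyfd;
	}
	return -1;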

Thoughts?

-- 
   - David A. Holland             |    VINO project home page:
     dholland@eecs.harvard.edu    | http://www.eecs.harvard.edu/vino
