[1204] in linux-security and linux-alert archive
[linux-security] tty chowning
daemon@ATHENA.MIT.EDU (David Holland)
Sat Oct 12 07:40:39 1996
From: David Holland <dholland@eecs.harvard.edu>
To: linux-security@tarsier.cv.nrao.edu
Date: Thu, 10 Oct 1996 01:22:19 -0400 (EDT)
Cc: dholland@burgundy.eecs.harvard.edu (David Holland)
About a month ago I mentioned a way to handle tty chowning without
being root. Unfortunately, it had some problems.

Here's another shot:

Make an ioctl on the pty end that does the chowning.

    ioctl(pty_fd, TIOCCHOWN, path)

In order to be able to find the tty end, you pass in the path to the
tty end. The ioctl confirms that the path points to a device inode
that's the tty end of the pty in question (otherwise returns EPERM),
and then does

    chmod(path, 0600);
    chown(path, getuid(), ?);
    revoke(path);

Linux needs a revoke, but that's another problem entirely.

I'm not sure what to do with the gid - maybe assume they'll all be
initialized to group tty and not change it? Maybe have the gid to use
be passed into the ioctl? Suggestions?

The code to open a pty would then look something like this:

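    /* Needs <fcntl.h>, <unistd.h> and <sys/ioctl.h>. */
    while (1) {
        char *path = mumble_get_next_pty_name();
        if (!path) break;
        int ptyfd = open(path, O_RDWR);
        if (ptyfd<0) continue;
        /* Turn the pty name into the tty name (/dev/ptyXX -> /dev/ttyXX). */
        path[5] = 't';
        /* Close the pty end on failure so the descriptor is not leaked. */
        if (ioctl(ptyfd, TIOCCHOWN, path)<0) { close(ptyfd); continue; }
        int ttyfd = open(path, O_RDWR);
        if (ttyfd<0) { close(ptyfd); continue; }
        do_something_with_ptyfd_such_as_fork(ptyfd);
        return ttyfd;
    }
    return -1;

Thoughts?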
--
- David A. Holland | VINO project home page:
dholland@eecs.harvard.edu | http://www.eecs.harvard.edu/vino
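
Added example, not part of the original post and not kernel code: a userspace sketch of the check the proposed ioctl performs before chowning, namely that the supplied path is a device inode and is the tty end of this particular pty. The helper names, the use of lstat(), and the Linux legacy pty major numbers (2 for the pty end, 3 for the tty end) are assumptions of the sketch.

```c
#define _DEFAULT_SOURCE
#include <errno.h>
#include <stdio.h>
#include <sys/stat.h>
#include <sys/sysmacros.h>

/* Assumption: Linux legacy BSD-style pty numbering, where masters are
 * character major 2 and slaves character major 3, paired by minor. */
#define PTY_MASTER_MAJOR 2
#define PTY_SLAVE_MAJOR  3

/* Hypothetical helper: 0 if `tty` is the tty end of `pty`, else -EPERM. */
int tty_matches_pty(const struct stat *pty, const struct stat *tty)
{
    /* Both must be character devices: files, dirs, symlinks are refused. */
    if (!S_ISCHR(pty->st_mode) || !S_ISCHR(tty->st_mode))
        return -EPERM;
    if (major(pty->st_rdev) != PTY_MASTER_MAJOR ||
        major(tty->st_rdev) != PTY_SLAVE_MAJOR)
        return -EPERM;
    /* Equal minors identify the two ends of one pair. */
    return minor(pty->st_rdev) == minor(tty->st_rdev) ? 0 : -EPERM;
}

/* Userspace approximation of the lookup. lstat() is this sketch's choice,
 * so that a symlink is examined itself instead of being followed. */
int check_tty_path(int pty_fd, const char *path)
{
    struct stat pty, tty;
    if (fstat(pty_fd, &pty) < 0 || lstat(path, &tty) < 0)
        return -errno;
    return tty_matches_pty(&pty, &tty);
}

/* Constructed sample inode: file type plus device number. */
struct stat sample(mode_t type, unsigned maj, unsigned min)
{
    struct stat st = {0};
    st.st_mode = type | 0600;
    st.st_rdev = makedev(maj, min);
    return st;
}

int main(void)
{
    struct stat pty = sample(S_IFCHR, 2, 5), tty = sample(S_IFCHR, 3, 5);
    printf("matching pair: %d\n", tty_matches_pty(&pty, &tty));
    return 0;
}
```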