From patchwork Mon Oct 3 06:16:02 2016 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Serge E. Hallyn" X-Patchwork-Id: 16212 Received: (qmail 14634 invoked by alias); 3 Oct 2016 06:16:16 -0000 Mailing-List: contact libc-alpha-help@sourceware.org; run by ezmlm Precedence: bulk List-Id: List-Unsubscribe: List-Subscribe: List-Archive: List-Post: List-Help: , Sender: libc-alpha-owner@sourceware.org Delivered-To: mailing list libc-alpha@sourceware.org Received: (qmail 14597 invoked by uid 89); 3 Oct 2016 06:16:15 -0000 Authentication-Results: sourceware.org; auth=none X-Virus-Found: No X-Spam-SWARE-Status: No, score=-3.2 required=5.0 tests=AWL, BAYES_00, KAM_LAZY_DOMAIN_SECURITY, RP_MATCHES_RCVD autolearn=ham version=3.3.2 spammy=pts, dangerous, sysdeps, uptodate X-HELO: h2.hallyn.com Date: Mon, 3 Oct 2016 01:16:02 -0500 From: "Serge E. Hallyn" To: "Serge E. Hallyn" , Florian Weimer , libc-alpha@sourceware.org, =?iso-8859-1?Q?St=E9phane?= Graber Subject: Re: [PATCH] linux ttyname and ttyname_r: return link if appropriate Message-ID: <20161003061602.GA5257@mail.hallyn.com> References: <20160420185141.GA31095@ubuntumail> <20160727165711.GA27815@altlinux.org> <20160806020855.GA19897@mail.hallyn.com> <20160806084559.GS6702@vapier.lan> <20160806150002.GA24315@mail.hallyn.com> <20160809211841.GB2566@altlinux.org> <20160809213937.GA3392@mail.hallyn.com> <20160810230351.GA20138@mail.hallyn.com> <20160810231818.GA20183@altlinux.org> MIME-Version: 1.0 Content-Disposition: inline In-Reply-To: <20160810231818.GA20183@altlinux.org> User-Agent: Mutt/1.5.21 (2010-09-15) On Thu, Aug 11, 2016 at 02:18:18AM +0300, Dmitry V. Levin wrote: > On Wed, Aug 10, 2016 at 06:03:51PM -0500, Serge E. Hallyn wrote: > [...] > > But, even if we decide that part is dangerous, the part where we do not > > return /dev/pts/N when /proc/self/fd/M is from a different devpts mount > > than the /dev/pts/N in caller's namespace is I think very important, and > > should at least be separately applied. > > I agree. > In that case, what should ttyname/ttyname_r set errno to? ENOTTY? I chose ENODEV below. I like that as it is more meaningful to uptodate userspace. Is it ok with you? thanks, -serge From 72de5a6616dde09c2851554b917a07dd7ebc1449 Mon Sep 17 00:00:00 2001 From: Serge Hallyn Date: Fri, 15 Apr 2016 10:21:07 -0500 Subject: [PATCH 1/1] linux ttyname and ttyname_r: do not return wrong results If a link (say /proc/self/fd/0) pointint to a device, say /dev/pts/2, in a parent mount namespace is passed to ttyname, and a /dev/pts/2 exists (in a different devpts) in the current namespace, then it returns /dev/pts/2. But /dev/pts/2 is NOT the current tty, it is a different file and device. Detect this case and return ENODEV. Userspace can choose to take this as a hint that the fd points to a tty device but to act on the fd rather than the link. --- sysdeps/unix/sysv/linux/ttyname.c | 25 +++++++++++++++++++++++-- sysdeps/unix/sysv/linux/ttyname_r.c | 26 ++++++++++++++++++++++++-- 2 files changed, 47 insertions(+), 4 deletions(-) diff --git a/sysdeps/unix/sysv/linux/ttyname.c b/sysdeps/unix/sysv/linux/ttyname.c index 7a001b4..a9e7e20 100644 --- a/sysdeps/unix/sysv/linux/ttyname.c +++ b/sysdeps/unix/sysv/linux/ttyname.c @@ -25,6 +25,7 @@ #include #include #include +#include #include <_itoa.h> @@ -33,6 +34,19 @@ char *__ttyname; #endif +/* Return true if this is a UNIX98 pty device, as defined in + linux/Documentation/devices.txt. */ +static int +is_pty (struct stat64 *sb) +{ +#ifdef _STATBUF_ST_RDEV + int m = major (sb->st_rdev); + return (136 <= m && m <= 143); +#else + return false; +#endif +} + static char *getttyname (const char *dev, dev_t mydev, ino64_t myino, int save, int *dostat) internal_function; @@ -170,12 +184,19 @@ ttyname (int fd) #ifdef _STATBUF_ST_RDEV && S_ISCHR (st1.st_mode) && st1.st_rdev == st.st_rdev -#else +#endif && st1.st_ino == st.st_ino && st1.st_dev == st.st_dev -#endif ) return ttyname_buf; + + /* If the link doesn't exist, then it points to a device in another + namespace. */ + if (is_pty (&st)) + { + __set_errno (ENODEV); + return NULL; + } } if (__xstat64 (_STAT_VER, "/dev/pts", &st1) == 0 && S_ISDIR (st1.st_mode)) diff --git a/sysdeps/unix/sysv/linux/ttyname_r.c b/sysdeps/unix/sysv/linux/ttyname_r.c index d15bc74..e4a2ac6 100644 --- a/sysdeps/unix/sysv/linux/ttyname_r.c +++ b/sysdeps/unix/sysv/linux/ttyname_r.c @@ -25,6 +25,7 @@ #include #include #include +#include #include <_itoa.h> @@ -32,6 +33,19 @@ static int getttyname_r (char *buf, size_t buflen, dev_t mydev, ino64_t myino, int save, int *dostat) internal_function; +/* Return true if this is a UNIX98 pty device, as defined in + linux/Documentation/devices.txt. */ +static int +is_pty (struct stat64 *sb) +{ +#ifdef _STATBUF_ST_RDEV + int m = major (sb->st_rdev); + return (136 <= m && m <= 143); +#else + return false; +#endif +} + static int internal_function attribute_compat_text_section getttyname_r (char *buf, size_t buflen, dev_t mydev, ino64_t myino, @@ -152,12 +166,20 @@ __ttyname_r (int fd, char *buf, size_t buflen) #ifdef _STATBUF_ST_RDEV && S_ISCHR (st1.st_mode) && st1.st_rdev == st.st_rdev -#else +#endif && st1.st_ino == st.st_ino && st1.st_dev == st.st_dev -#endif ) return 0; + + /* If the link doesn't exist, then it points to a device in another + namespace. If it is a UNIX98 pty, then return the /proc/self + fd, as it points to a name unreachable in our namespace. */ + if (is_pty (&st)) + { + __set_errno (ENODEV); + return ENODEV; + } } /* Prepare the result buffer. */