linux ttyname and ttyname_r: return link if appropriate

Message ID 20160806020855.GA19897@mail.hallyn.com
State New, archived

Commit Message

Serge E. Hallyn Aug. 6, 2016, 2:08 a.m. UTC
  Quoting Dmitry V. Levin (ldv@altlinux.org):
> On Wed, Apr 20, 2016 at 06:51:41PM +0000, Serge Hallyn wrote:
> > 1. If the passed-in link (say /proc/self/fd/0) points to a
> > device, say /dev/pts/2, in a parent mount namespace, and a
> > /dev/pts/2 exists (in a different devpts) in the current
> > namespace, then it returns /dev/pts/2.  But /dev/pts/2 is
> > NOT the current tty, it is a different file and device.
> [...]
> > --- a/sysdeps/unix/sysv/linux/ttyname.c
> > +++ b/sysdeps/unix/sysv/linux/ttyname.c
> [...]
> > @@ -170,12 +184,19 @@ ttyname (int fd)
> >  #ifdef _STATBUF_ST_RDEV
> >  	  && S_ISCHR (st1.st_mode)
> >  	  && st1.st_rdev == st.st_rdev
> > +	  && st1.st_dev == st.st_dev
> >  #else
> >  	  && st1.st_ino == st.st_ino
> >  	  && st1.st_dev == st.st_dev
> >  #endif
> 
> __ttyname_r also needs this st_dev check.
> 
> To be on the safe side, I'd check st_ino in _STATBUF_ST_RDEV case as well.

(new patch follows)

The current ttyname does the wrong thing in two cases:

1. If the passed-in link (say /proc/self/fd/0) points to a
device, say /dev/pts/2, in a parent mount namespace, and a
/dev/pts/2 exists (in a different devpts) in the current
namespace, then it returns /dev/pts/2.  But /dev/pts/2 is
NOT the current tty, it is a different file and device.

2. If the passed-in link (say /proc/self/fd/0) points to
a device, say /dev/pts/2, in a parent mount namespace, and
/dev/pts/2 does not exist in the current namespace, it
returns success but an empty name.  As far as I can tell,
there is no reason for it to not return /proc/self/fd/0.
http://pubs.opengroup.org/onlinepubs/009695399/functions/ttyname.html
does not say anything about not returning a link.
---
 sysdeps/unix/sysv/linux/ttyname.c   | 22 ++++++++++++++++++++++
 sysdeps/unix/sysv/linux/ttyname_r.c | 25 +++++++++++++++++++++++++
 2 files changed, 47 insertions(+)
  

Comments

Mike Frysinger Aug. 6, 2016, 8:45 a.m. UTC | #1
On 05 Aug 2016 21:08, Serge E. Hallyn wrote:
>  #ifdef _STATBUF_ST_RDEV
>  	  && S_ISCHR (st1.st_mode)
>  	  && st1.st_rdev == st.st_rdev
> +	  && st1.st_dev == st.st_dev
> +	  && st1.st_ino == st.st_ino
>  #else
>  	  && st1.st_ino == st.st_ino
>  	  && st1.st_dev == st.st_dev
>  #endif

wouldn't it be better to shuffle the ifdef then ?
	#ifdef _STATBUF_ST_RDEV
		&& S_ISCHR (st1.st_mode)
		&& st1.st_rdev == st.st_rdev
	#endif
		&& st1.st_ino == st.st_ino
		&& st1.st_dev == st.st_dev)
-mike
  

Patch

diff --git a/sysdeps/unix/sysv/linux/ttyname.c b/sysdeps/unix/sysv/linux/ttyname.c
index 7a001b4..c45a847 100644
--- a/sysdeps/unix/sysv/linux/ttyname.c
+++ b/sysdeps/unix/sysv/linux/ttyname.c
@@ -25,6 +25,7 @@ 
 #include <unistd.h>
 #include <string.h>
 #include <stdlib.h>
+#include <sys/sysmacros.h>
 
 #include <_itoa.h>
 
@@ -33,6 +34,19 @@ 
 char *__ttyname;
 #endif
 
+/* Return true if this is a UNIX98 pty device, as defined in
+   linux/Documentation/devices.txt.  */
+static int
+is_pty (struct stat64 *sb)
+{
+#ifdef _STATBUF_ST_RDEV
+  int m = major (sb->st_rdev);
+  return (136 <= m && m <= 143);
+#else
+  return false;
+#endif
+}
+
 static char *getttyname (const char *dev, dev_t mydev,
 			 ino64_t myino, int save, int *dostat)
      internal_function;
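Review bot: `return false;` in the `#else` branch of is_pty needs `false` to be declared, yet the only include this patch adds is `<sys/sysmacros.h>` and the helper is declared to return `int`. Unless `<stdbool.h>` already arrives through a header outside the hunks, that branch will not compile on a target without `_STATBUF_ST_RDEV`. Either `return 0;` there, or declare the helper `static bool` and include `<stdbool.h>`. The parameter is only read, so `const struct stat64 *sb` would say so. The identical helper is added to ttyname_r.c, so the bare 136 and 143 now live in two places; named constants in one shared internal definition would keep the copies from drifting.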
@@ -170,12 +184,20 @@  ttyname (int fd)
 #ifdef _STATBUF_ST_RDEV
 	  && S_ISCHR (st1.st_mode)
 	  && st1.st_rdev == st.st_rdev
+	  && st1.st_dev == st.st_dev
+	  && st1.st_ino == st.st_ino
 #else
 	  && st1.st_ino == st.st_ino
 	  && st1.st_dev == st.st_dev
 #endif
 	  )
 	return ttyname_buf;
+
+      /* If the link doesn't exist, then it points to a device in another
+	 namespace.  If it is a UNIX98 pty, then return the /proc/self
+	 fd, as it points to a name unreachable in our namespace.  */
+      if (is_pty (&st) && strlen (procname) < buflen - 1)
+	return strcpy (ttyname_buf, procname);
     }
 
   if (__xstat64 (_STAT_VER, "/dev/pts", &st1) == 0 && S_ISDIR (st1.st_mode))
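Review bot: The new comment before the fallback says the link target does not exist, but the fallback is also reached when `__xstat64` on the target succeeds and the device or inode comparison above it fails, which is case 1 of the commit message. The comment should cover both, for example `/* The readlink target is missing, or is a different device/inode, so the tty lives in another mount namespace. */`. It should also state that the returned `/proc/self/fd/N` string names the terminal only inside the calling process, because a caller that records it or hands it to another process would have it resolved against that process's own descriptors. The same comment is added in the `__ttyname_r` hunk of ttyname_r.c, and the body of ttyname starts and ends outside this hunk.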
diff --git a/sysdeps/unix/sysv/linux/ttyname_r.c b/sysdeps/unix/sysv/linux/ttyname_r.c
index d15bc74..d95d07e 100644
--- a/sysdeps/unix/sysv/linux/ttyname_r.c
+++ b/sysdeps/unix/sysv/linux/ttyname_r.c
@@ -25,6 +25,7 @@ 
 #include <unistd.h>
 #include <string.h>
 #include <stdlib.h>
+#include <sys/sysmacros.h>
 
 #include <_itoa.h>
 
@@ -32,6 +33,19 @@  static int getttyname_r (char *buf, size_t buflen,
 			 dev_t mydev, ino64_t myino, int save,
 			 int *dostat) internal_function;
 
+/* Return true if this is a UNIX98 pty device, as defined in
+   linux/Documentation/devices.txt.  */
+static int
+is_pty (struct stat64 *sb)
+{
+#ifdef _STATBUF_ST_RDEV
+  int m = major (sb->st_rdev);
+  return (136 <= m && m <= 143);
+#else
+  return false;
+#endif
+}
+
 static int
 internal_function attribute_compat_text_section
 getttyname_r (char *buf, size_t buflen, dev_t mydev, ino64_t myino,
@@ -152,12 +166,23 @@  __ttyname_r (int fd, char *buf, size_t buflen)
 #ifdef _STATBUF_ST_RDEV
 	  && S_ISCHR (st1.st_mode)
 	  && st1.st_rdev == st.st_rdev
+	  && st1.st_dev == st.st_dev
+	  && st1.st_ino == st.st_ino
 #else
 	  && st1.st_ino == st.st_ino
 	  && st1.st_dev == st.st_dev
 #endif
 	  )
 	return 0;
+
+      /* If the link doesn't exist, then it points to a device in another
+	 namespace.  If it is a UNIX98 pty, then return the /proc/self
+	 fd, as it points to a name unreachable in our namespace.  */
+      if (is_pty (&st) && strlen (procname) < buflen - 1)
+	{
+	  strcpy (buf, procname);
+	  return 0;
+	}
     }
 
   /* Prepare the result buffer.  */
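Review bot: The length test `strlen (procname) < buflen - 1` subtracts from the caller-supplied `size_t buflen`, so with `buflen == 0` the right-hand side wraps to `SIZE_MAX`. The `strcpy` into `buf` is then unbounded unless a minimum-size check earlier in `__ttyname_r`, outside this hunk, already rejects such buffers. Writing it as `strlen (procname) < buflen` removes the subtraction and is the exact condition for the string and its terminator to fit. When the name does not fit, the code falls through silently; whether `ERANGE` would be the better result depends on the code after the hunk. The ttyname hunk in ttyname.c uses the same expression against its own `buflen`, whose relation to the size of `ttyname_buf` is not visible here.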