View Issue Details
| ID | Project | Category | View Status | Date Submitted | Last Update |
|---|---|---|---|---|---|
| 0000096 | 1003.1(2008)/Issue 7 | System Interfaces | public | 2009-06-29 20:10 | 2013-04-16 13:06 |
| Reporter | EdSchouten | Assigned To | ajosey | ||
| Priority | normal | Severity | Comment | Type | Clarification Requested |
| Status | Closed | Resolution | Accepted As Marked | ||
| Name | Ed Schouten | ||||
| Organization | The FreeBSD Project | ||||
| User Reference | |||||
| Section | posix_openpt | ||||
| Page Number | 0 | ||||
| Line Number | 0 | ||||
| Interp Status | --- | ||||
| Final Accepted Text | 0000096:0000200 | ||||
| Summary | 0000096: posix_openpt() and grantpt() | ||||
| Description | COMMENT Enhancement Request Number 26 ed:xxxxxxxxxxx Defect in XSH posix_openpt (rdvk# 1) {n/a} Mon, 16 Feb 2009 17:57:21 GMT<br>I guess a small change to the spec could be made to make implementing pseudo-terminals on various operating systems more simple and more secure: The posix_openpt() is often used in combination with grantpt() and unlockpt(). Many operating systems will create a pseudo-terminal on demand, instead of recycling it. Linux uses /dev/ptmx and a file system called devpts, mounted on /dev/pts. In FreeBSD CURRENT, posix_openpt() is implemented as a system call, which allocates a TTY and exposes its device node in devfs. I haven't seen a single piece of software that calls grantpt() on a file descriptor multiple times, or changes the real UID before calling grantpt(). I guess it would be a lot simpler for operating systems to implement this, if there was some kind of provision that if posix_openpt() already performs the necessary steps to change the owner/group of the pseudo-terminal and performs an action similar to unlockpt(), the grantpt() and unlockpt() functions may be implemented as no-ops. I would almost advise to mark grantpt() and unlockpt() as obsolete, but that would break a lot of stuff, I guess. Right now some operating systems use setuid binaries to change the owner of the pseudo-terminal. By changing the specification as described above, operating systems will never need some `supernatural' function to bypass UNIX permissions to chown()/chmod() a character device they don't own. | ||||
| Desired Action | Change grantpt() and unlockpt() to mention: These functions may have no effect on implementations where similar actions are already performed by posix_openpt(). | ||||
| Tags | tc1-2008 | ||||

Based on the information presented the review group feel that the change is not necessary.

Hi, I read the teleconference transcript after the issue had been discussed, but unfortunately it didn't contain any explanation as to why it had been closed. Stimulating users of this programming interface to create pseudo-terminals by regular uids would also make it possible to implement complex access controls to pseudo-terminals more easily.

Add posix_openpt() to the SEE ALSO list for grantpt(). The RATIONALE of grantpt() should be changed to SEE RATIONALE for posix_openpt(). Same changes to unlockpt(), and ptsname().

Additional note (post conf-call): In addition to the standard suggesting simply opening /dev/ptmx (see page 1421, line 46513), the Linux man-pages project (see http://www.kernel.org/doc/man-pages/online/pages/man3/posix_openpt.3.html) also suggests the same implementation for posix_openpt(). It is clear that there are many implementations where the grant is not automatically done by posix_openpt().

Not entirely true... Linux uses a special file system type called devpts. It seems it implicitly does a grantpt(), because the file system creates the nodes with similar permissions:

```
crw--w---- 1 ed tty 136, 1 2009-08-20 21:00 /dev/pts/1
```

I've done some tests and it seems it does require unlockpt(), but no grantpt() to operate properly.

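
The behaviour debated in the notes above can be measured on a given system. The following is an added example, not part of the issue or of any implementation named in it: it records whether the slave node already satisfies the grantpt() ownership and mode contract before grantpt() is called, and whether the slave can be opened before unlockpt(). The struct and function names are hypothetical.

```c
/* Added example; pty_report, slave_mode_is_safe and pty_probe are names made up here. */
#define _XOPEN_SOURCE 600 /* exposes posix_openpt(), grantpt(), unlockpt(), ptsname() */
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>
/* Repeated so the file still builds if other system headers were included first. */
int posix_openpt(int); int grantpt(int); int unlockpt(int); char *ptsname(int);
struct pty_report {
    int safe_before_grant, safe_after_grant;       /* grantpt() contract already met? */
    int opened_before_unlock, opened_after_unlock; /* could the slave be opened? */
};

/* grantpt() contract: owned by the real UID, rw for owner, at most w for group. */
int slave_mode_is_safe(uid_t owner, mode_t mode, uid_t real_uid) {
    return owner == real_uid && (mode & 0600) == 0600 && (mode & 0777 & ~0620) == 0;
}
static int try_open(const char *path) {
    int fd = open(path, O_RDWR | O_NOCTTY); /* O_NOCTTY: never adopt it as our tty */
    return fd >= 0 ? (close(fd), 1) : 0;
}

/* Returns 0 and fills *r, or -1 if no pseudo-terminal could be set up here. */
int pty_probe(struct pty_report *r) {
    struct stat st;
    int rc = -1, m = posix_openpt(O_RDWR | O_NOCTTY);
    if (m < 0) return -1;
    const char *slave = ptsname(m);
    if (slave && stat(slave, &st) == 0) {
        r->safe_before_grant = slave_mode_is_safe(st.st_uid, st.st_mode, getuid());
        r->opened_before_unlock = try_open(slave);
        if (grantpt(m) == 0 && unlockpt(m) == 0 && stat(slave, &st) == 0) {
            r->safe_after_grant = slave_mode_is_safe(st.st_uid, st.st_mode, getuid());
            r->opened_after_unlock = try_open(slave);
            rc = 0;
        }
    }
    close(m);
    return rc;
}

int main(void) {
    struct pty_report r = {0};
    if (pty_probe(&r) != 0) { fputs("no pseudo-terminal available\n", stderr); return 1; }
    printf("safe before/after grantpt: %d/%d, open before/after unlockpt: %d/%d\n",
           r.safe_before_grant, r.safe_after_grant, r.opened_before_unlock, r.opened_after_unlock);
    return 0;
}
```

If the last note's observation about Linux devpts holds on the system under test, the report shows the node as safe before grantpt() and not openable before unlockpt(); a node that is unsafe before grantpt() marks an implementation that still depends on grantpt() to fix ownership.
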
| Date Modified | Username | Field | Change |
|---|---|---|---|
| 2009-06-29 20:10 | msbrown | New Issue | |
| 2009-06-29 20:10 | msbrown | Status | New => Under Review |
| 2009-06-29 20:10 | msbrown | Assigned To | => ajosey |
| 2009-06-29 20:10 | msbrown | Name | => Mark Brown |
| 2009-06-29 20:10 | msbrown | Organization | => IBM |
| 2009-06-29 20:10 | msbrown | Section | => posix_openpt |
| 2009-06-29 20:10 | msbrown | Page Number | => 0 |
| 2009-06-29 20:10 | msbrown | Line Number | => 0 |
| 2009-06-29 20:11 | msbrown | Note Added: 0000137 | |
| 2009-06-29 20:11 | msbrown | Resolution | Open => Rejected |
| 2009-06-29 20:11 | msbrown | Status | Under Review => Closed |
| 2009-07-01 18:06 | Don Cragun | Name | Mark Brown => Ed Schouten |
| 2009-07-01 18:06 | Don Cragun | Organization | IBM => The FreeBSD Project |
| 2009-07-01 18:06 | Don Cragun | Reporter | msbrown => EdSchouten |
| 2009-07-03 19:18 | EdSchouten | Note Added: 0000152 | |
| 2009-07-03 19:18 | EdSchouten | Status | Closed => Under Review |
| 2009-07-03 19:18 | EdSchouten | Resolution | Rejected => Reopened |
| 2009-08-20 16:20 | ajosey | Interp Status | => --- |
| 2009-08-20 16:20 | ajosey | Note Added: 0000200 | |
| 2009-08-20 16:20 | ajosey | Status | Under Review => Resolved |
| 2009-08-20 16:20 | ajosey | Resolution | Reopened => Accepted As Marked |
| 2009-08-20 16:21 | ajosey | Final Accepted Text | => 0000096:0000200 |
| 2009-08-20 18:31 | nick | Note Added: 0000201 | |
| 2009-08-20 19:02 | EdSchouten | Note Added: 0000202 | |
| 2010-08-27 13:20 | ajosey | Tag Attached: tc1-2008 | |
| 2013-04-16 13:06 | ajosey | Status | Resolved => Closed |