Thread (8 messages) 8 messages, 3 authors, 2017-06-09

Re: [PATCH v4 2/2] tty: add TIOCGPTPEER ioctl

From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Date: 2017-06-09 10:04:54
Also in: linux-alpha, linux-arch, linux-mips, linux-sh, lkml, sparclinux 

On Fri, Jun 09, 2017 at 07:50:43PM +1000, Aleksa Sarai wrote:
quoted
quoted
When opening the slave end of a PTY, it is not possible for userspace to
safely ensure that /dev/pts/$num is actually a slave (in cases where the
mount namespace in which devpts was mounted is controlled by an
untrusted process). In addition, there are several unresolvable
race conditions if userspace were to attempt to detect attacks through
stat(2) and other similar methods [in addition it is not clear how
userspace could detect attacks involving FUSE].

Resolve this by providing an interface for userpace to safely open the
"peer" end of a PTY file descriptor by using the dentry cached by
devpts. Since it is not possible to have an open master PTY without
having its slave exposed in /dev/pts this interface is safe. This
interface currently does not provide a way to get the master pty (since
it is not clear whether such an interface is safe or even useful).

Cc: Christian Brauner <redacted>
Cc: Valentin Rothberg <redacted>
Signed-off-by: Aleksa Sarai <redacted>
Is this going to be documented anywhere?  Is there a man page update
that also goes along with this?
I will add one, I didn't know where the man-pages project is hosted / where
patches get pushed? What is the ML?
From the MAINTAINERS file:
  MAN-PAGES: MANUAL PAGES FOR LINUX -- Sections 2, 3, 4, 5, and 7
  M:      Michael Kerrisk [off-list ref]
  W:      http://www.kernel.org/doc/man-pages
  L:      linux-man@vger.kernel.org
  S:      Maintained

quoted
What userspace program wants to use this?
LXC (Christian is on Cc) will use this, runC will most likely use it,
pending on some design discussions (as well as some future container
runtimes I'm planning on working on). Effectively any container runtime that
wants to safely create terminals and spawn containers inside an existing
container's namespaces will likely want to use this.

[ As an aside, I /would/ argue this is a security fix (it fixes an interface
problem that made doing certain operations securely possible) but I didn't
want to Cc stable@ because it's a feature and not a strict bugfix. ]
Yeah, it's a new feature, so stable doesn't really fit here.  And as
people who use containers are all keeping up to date with their kernel
versions, this shouldn't be that big of a deal, not like the Android
kernel mess :)

thanks,

greg k-h
  



    
  

  
    

      

        Keyboard shortcuts
      

      

        
          
hback out one level

          
jnext message in thread

          
kprevious message in thread

          
ldrill in

          
Escclose help / fold thread tree

          
?toggle this help