Re: ttys, setuid & security...



Vincent Renardias <vincent@waw.com> writes:
> Has any of you had a look at this:
> ftp://sunsite.unc.edu/pub/Linux/Incoming/pttyd-0.9.tgz
> 
> [its LSM file says:
> 
> Description:    The Pseudo-tty Daemon.  Changes ownership on the slave
>                 pseudo-tty's in an appropriate manner, maintaining security 
>                 without a suid root screen, xterm, or rxvt.
> ]
> 
> Maybe we should consider packaging this, it will allow removing the 
> setuid bit of some programs like xterm, rxvt, ...
> 
> Opinions?

Here's an excerpt from a recent `linux-gcc' discussion that may be
interesting.  It's regarding SysV style ptys in Linux.  This may be the
way to go, in the long term, but would require mods to the kernel etc.

  From: Ulrich Drepper <drepper@ipd.info.uni-karlsruhe.de>
  Subject: Re: volunteer needed
  To: "Theodore Y. Ts'o" <tytso@MIT.EDU>
  Cc: "ir. Mark M._Kettenis" <kettenis@phys.uva.nl>, linux-gcc@vger.rutgers.edu
  Date: 	30 May 1997 04:37:02 +0200
  Reply-To: drepper@ipd.info.uni-karlsruhe.de (Ulrich Drepper)

  "Theodore Y. Ts'o" <tytso@MIT.EDU> writes:
  > 1)  Open /dev/ptmx to get a free master pseudo tty.  The slave
  > pseudo-tty at this point is "locked" since the modes and permissions
  > haven't been set up yet.  What this means is that any attempt to open
  > the slave pseudo-tty will return an error.
  > 
  > 2)  Call grantpt(master_fd) to fix up the modes and permissions.  Note
  > that this either requires a setuid root program to be forked and
  > exec'ed, *or* magic kernel implementations that are really paranoid about
  > what they do.
  > 
  > 3)  unlockpt(master_fd) clears the locked flag which now allows other
  > processes to try to open the slave pty.
  > 
  > 4)  Finally, ptsname(master_fd) will return the name of slave pseudo-tty,
  > which you can then open.

  This all sounds plausible and I was wrong in the beginning.  It's a
  bit more complicated than I thought.

  Anyhow, for complete Unix compatibility Linux needs this functionality
  and companies writing Unix software will probably require this
  interface.

  So, "Search for volunteers, part II": any volunteers for the kernel
  changes?

  -- Uli
  ---------------.      drepper@cygnus.com  ,-.   Rubensstrasse 5
  Ulrich Drepper  \    ,-------------------'   \  76149 Karlsruhe/Germany
  Cygnus Solutions `--' drepper@gnu.ai.mit.edu  `------------------------

-- 
Raja R Harinath ------------------------------ harinath@cs.umn.edu
"When all else fails, read the instructions."      -- Cahn's Axiom
"Our policy is, when in doubt, do the right thing."   -- Roy L Ash
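
The four-step SysV sequence quoted above, written out in C as an added example that is not part of the original message or of any code from the thread. It assumes a system where /dev/ptmx and the libc calls grantpt(), unlockpt() and ptsname() are available; the names `pty_pair`, `open_pty_pair` and `slave_is_private` are hypothetical. After opening the slave it checks the property step 2 exists to guarantee: the slave is owned by the caller and closed to other users.

```c
#define _XOPEN_SOURCE 600
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Prototyped here as well, so ptsname() can never be implicitly declared int. */
int grantpt(int); int unlockpt(int); char *ptsname(int);
struct pty_pair { int master, slave; char name[64]; uid_t owner; mode_t mode; };

/* What grantpt() must establish: slave owned by the caller, no "other" access. */
int slave_is_private(uid_t owner, mode_t mode, uid_t me)
{
    return owner == me && (mode & S_IRWXO) == 0;
}

/* Returns 0 on success, else the step that failed (5 = opening the slave). */
int open_pty_pair(struct pty_pair *p)
{
    struct stat st;
    const char *name;
    int step = 5;
    p->slave = -1;
    if ((p->master = open("/dev/ptmx", O_RDWR | O_NOCTTY)) < 0) return 1;
    if (grantpt(p->master) != 0) step = 2;        /* fix owner and mode  */
    else if (unlockpt(p->master) != 0) step = 3;  /* clear the lock flag */
    else if (!(name = ptsname(p->master))) step = 4;
    else {
        snprintf(p->name, sizeof p->name, "%s", name);
        p->slave = open(p->name, O_RDWR | O_NOCTTY);
        if (p->slave >= 0 && fstat(p->slave, &st) == 0) {
            p->owner = st.st_uid;
            p->mode = st.st_mode & 07777;
            return 0;
        }
    }
    if (p->slave >= 0) close(p->slave);
    close(p->master);
    p->master = p->slave = -1;
    return step;
}

int main(void)
{
    struct pty_pair p;
    if (open_pty_pair(&p) != 0) return 1;
    printf("%s private=%d\n", p.name, slave_is_private(p.owner, p.mode, getuid()));
    return 0;
}
```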

