Bug#988: Pty allocation: additional info
I forgot to explain the security aspects when seen from the other
side: that the three setuid-root binaries can't be exploited even when
the caller does not follow the recipe.
The worst getpty can do is set tty access to root-only. If the caller
is persistent, it could do this to all free ptys. Most programs that
allocate pty/tty pairs won't mind if this happens, since they run as
root anyway. The ones that don't can use getpty ;-). The caller
could do far more damage by simply opening all the free pty master
claimpty and releasepty both change the tty permissions for an in-use
pty. This could be a problem, which is why they both require that the
caller pass an open file descriptor for that pty. Since a pty can be
opened only once, this guarantees that the caller is the process in
charge of that pty/tty pair.
I'll include this information in the man page if/when I make a getpty
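The ownership check described above, as an added example in C that is not from the bug report or from the getpty/claimpty/releasepty programs it describes: a setuid helper insists on an open master descriptor and maps it to the slave tty before touching the tty's permissions, so a process that merely names a pty path gets refused. It assumes Unix98 ptys (ptsname()) rather than the BSD-style /dev/ptyXY to /dev/ttyXY naming of the original, and the names fd_controls_tty, claim_tty and release_tty are hypothetical.

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Return 1 only if `master_fd` is the master side of a pty whose slave is
 * exactly `tty_path`. A process can only hold such a descriptor if it opened
 * the master itself, so possession of the fd is the proof of ownership the
 * helpers demand (assumption: Unix98 ptys, so ptsname() knows the slave). */
int fd_controls_tty(int master_fd, const char *tty_path)
{
    struct stat fd_st, slave_st, want_st;
    const char *slave;

    if (fstat(master_fd, &fd_st) != 0 || !S_ISCHR(fd_st.st_mode))
        return 0;                      /* not even a character device */
    slave = ptsname(master_fd);
    if (slave == NULL)
        return 0;                      /* open fd, but not a pty master */
    if (stat(slave, &slave_st) != 0 || stat(tty_path, &want_st) != 0)
        return 0;
    /* Compare the device node itself, not the path string, so a symlink or
     * an alternate spelling cannot make an unrelated fd pass the check. */
    return slave_st.st_dev == want_st.st_dev && slave_st.st_ino == want_st.st_ino;
}

/* claimpty-style operation: hand the slave tty to `uid`/`gid` with `mode`,
 * but only after the caller proves control through the master fd.
 * Returns 0 on success, -1 when the proof or the chown/chmod fails. */
int claim_tty(int master_fd, const char *tty_path, uid_t uid, gid_t gid, mode_t mode)
{
    if (!fd_controls_tty(master_fd, tty_path))
        return -1;                     /* refuse: caller does not own this pty */
    if (chown(tty_path, uid, gid) != 0)
        return -1;
    if (chmod(tty_path, mode) != 0)
        return -1;
    return 0;
}

/* releasepty-style operation: put the tty back to root-only, same proof. */
int release_tty(int master_fd, const char *tty_path)
{
    return claim_tty(master_fd, tty_path, 0, 0, 0600);
}
```

In a real setuid helper the master fd would arrive from the unprivileged caller (inherited or passed over a socket); the check is what keeps the helper from re-permissioning a tty the caller never opened.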