Path: utzoo!attcan!uunet!aplcen!haven!mimsy!chris
From: chris@mimsy.umd.edu (Chris Torek)
Newsgroups: comp.unix.questions
Subject: Re: Preventing Idle in telnet, security, and bg.
Message-ID: <26767@mimsy.umd.edu>
Date: 29 Sep 90 04:55:29 GMT
References: <2911@idunno.Princeton.EDU>
Distribution: comp
Organization: U of Maryland, Dept. of Computer Science, Coll. Pk., MD 20742
Lines: 124

Incidentally, the fact that backgrounded programs can continue to access their old control terminal is a `feature' (a documented bug, actually) of older Unix systems, including 4.3BSD and 4.3BSD-tahoe but not 4.3BSD-reno. The new POSIX terminal interface (with a lot of help from the vnode code) makes sure that control terminals are no longer accessible when the session that made that terminal a control terminal loses its session leader (typically, its login shell).

In addition, the BSD kernel no longer attaches the first terminal you open as your control terminal. This means that daemons need not fork before opening terminals, but also means that programs like xterm and Emacs that start shells on ptys need changes. Specifically, they must do a TIOCSCTTY ioctl (Set Control TTY) and---if they want a new session, rather than just a new process group---a setsid().

A sample change (the one I made to our local variant of Gosling Emacs) appears below. Note that NTTYDISC is also gone.

=================================================================== RCS file: RCS/pchan.c,v retrieving revision 3.4 retrieving revision 3.5 diff -c2 -r3.4 -r3.5 *** /tmp/,RCSt1003604 Sat Sep 29 00:51:40 1990 --- /tmp/,RCSt2003604 Sat Sep 29 00:51:42 1990 *************** *** 178,185 **** { register int pid; ! int channel, pgrp, len, ld; char *ptyname, *sh; char line[100]; ! char *shell(); extern int UseCshOptionF; extern int UseUsersShell; --- 178,185 ---- { register int pid; ! int channel, len; char *ptyname, *sh; char line[100]; ! 
char *shell(), *sindex(); extern int UseCshOptionF; extern int UseUsersShell; *************** *** 195,198 **** --- 195,199 ---- } if (pid == 0) { + int i; /* short term use only (3 or 4 lines) */ #ifdef ce fprintf(err_file, "Creating pid %d on %s\n", getpid(), ptyname); *************** *** 202,208 **** /* signal(SIGINT, SIG_DFL); */ /* signal(SIGQUIT, SIG_DFL); */ ! if ((ld = open("/dev/tty", 2)) >= 0) { ! (void) ioctl(ld, TIOCNOTTY, 0); ! (void) close(ld); } (void) close(2); --- 203,209 ---- /* signal(SIGINT, SIG_DFL); */ /* signal(SIGQUIT, SIG_DFL); */ ! if ((i = open("/dev/tty", 2)) >= 0) { ! (void) ioctl(i, TIOCNOTTY, 0); ! (void) close(i); } (void) close(2); *************** *** 212,218 **** /* NOTREACHED */ } ! pgrp = getpid(); ! (void) ioctl(2, TIOCSPGRP, &pgrp); ! (void) setpgrp(0, pgrp); (void) dup2(2, 0); (void) dup2(2, 1); --- 213,228 ---- /* NOTREACHED */ } ! /* ! * We want a session capable of doing job control, ! * with this terminal as the control terminal. ! */ ! #ifdef TIOCSCTTY ! (void) setsid(); ! (void) ioctl(2, TIOCSCTTY, (char *)0); ! #else ! i = getpid(); ! (void) ioctl(2, TIOCSPGRP, &i); ! (void) setpgrp(0, i); ! #endif (void) dup2(2, 0); (void) dup2(2, 1); *************** *** 229,240 **** (void) ioctl(0, TIOCSLEN, &len); #endif ! len = UseUsersShell; ! UseUsersShell = 1; ! ld = strcmp(shell(), "/bin/csh") ? OTTYDISC : NTTYDISC; ! (void) ioctl(0, TIOCSETD, &ld); ! UseUsersShell = len; ! sh = shell(); execlp(sh, sh, UseUsersShell && UseCshOptionF ? "-cf" : "-c", ! command, (char *) 0); (void) sprintfl(line, sizeof line, "Couldn't exec shell \"%s\"\n", sh); --- 239,249 ---- (void) ioctl(0, TIOCSLEN, &len); #endif ! #ifdef NTTYDISC ! i = sindex(shell(1), "csh") ? OTTYDISC : NTTYDISC; ! (void) ioctl(0, TIOCSETD, &i); ! #endif ! sh = shell(0); execlp(sh, sh, UseUsersShell && UseCshOptionF ? "-cf" : "-c", ! 
command, (char *)0); (void) sprintfl(line, sizeof line, "Couldn't exec shell \"%s\"\n", sh);
-- 
In-Real-Life: Chris Torek, Univ of MD Comp Sci Dept (+1 301 405 2750)
Domain: chris@cs.umd.edu Path: uunet!mimsy!chris
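
Review bot: In the hunk at old 202-208 / new 203-209, the `open("/dev/tty", 2)` plus TIOCNOTTY detach stays unconditional, although on systems that define TIOCSCTTY the `setsid()` added in the following hunk already leaves the child without a control terminal. Consider moving this block under the same `#else` as the TIOCSPGRP/setpgrp fallback, so that each build has a single detach path.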
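
Review bot: In the hunk at old 212-218 / new 213-228, the TIOCSCTTY branch discards the results of both `setsid()` and `ioctl(2, TIOCSCTTY, (char *)0)`. If either call fails, the shell is still exec'd, but without the control terminal the new comment says is wanted, and nothing reports it. Suggest testing both calls and writing a diagnostic in the style of the existing "Couldn't exec shell" message before going on to the execlp().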
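
Review bot: In the hunk at old 229-240 / new 239-249, the line-discipline test looks inverted relative to the code it replaces. The old `strcmp(shell(), "/bin/csh") ? OTTYDISC : NTTYDISC` selects NTTYDISC when the shell is csh, while the new `sindex(shell(1), "csh") ? OTTYDISC : NTTYDISC` selects OTTYDISC whenever sindex() finds "csh", assuming it returns a pointer to the match as the `char *` declaration added in the first hunk suggests. Swapping the two arms would restore the old behaviour. The substring match also accepts any shell name containing "csh", which is wider than the old exact comparison, so a comment saying whether that is intended would help.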
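
The setsid() plus TIOCSCTTY sequence the post describes, as an added stand-alone C example that is not part of the original post or its patch. It assumes a Linux host (the pty is allocated through /dev/ptmx with the TIOCSPTLCK and TIOCGPTN ioctls); the names child, spawn_with_control_tty and PTY_UNAVAILABLE are constructed for illustration.

```c
/* Added example, not from the post. Assumes Linux pty ioctls on /dev/ptmx. */
#include <fcntl.h>
#include <stdio.h>
#include <sys/ioctl.h>
#include <sys/wait.h>
#include <unistd.h>
#define PTY_UNAVAILABLE (-1)  /* constructed code: no usable pty on this host */

/* Child: exit status 0 means the pty became this session's control terminal. */
static void child(const char *slave_name)
{
    int fd;

    if (setsid() < 0)                     /* new session, no control terminal */
        _exit(1);
    if (open("/dev/tty", O_RDWR) >= 0)    /* must fail: nothing attached yet */
        _exit(2);
    /* O_NOCTTY keeps Linux from attaching the tty as a side effect of open(). */
    if ((fd = open(slave_name, O_RDWR | O_NOCTTY)) < 0)
        _exit(3);
    if (ioctl(fd, TIOCSCTTY, 0) < 0)      /* the explicit Set Control TTY step */
        _exit(4);
    if (tcgetpgrp(fd) != getpgrp())       /* we are now its foreground group */
        _exit(5);
    _exit(open("/dev/tty", O_RDWR) < 0 ? 6 : 0);  /* /dev/tty resolves again */
}

/* Returns the child's exit status (100 on fork/wait failure), or PTY_UNAVAILABLE. */
int spawn_with_control_tty(void)
{
    char name[32];
    int master, unlock = 0, status = 0, rc = 100;
    unsigned int n;
    pid_t pid;
    if ((master = open("/dev/ptmx", O_RDWR | O_NOCTTY)) < 0)
        return PTY_UNAVAILABLE;
    if (ioctl(master, TIOCSPTLCK, &unlock) < 0 || ioctl(master, TIOCGPTN, &n) < 0) {
        close(master);
        return PTY_UNAVAILABLE;
    }
    snprintf(name, sizeof name, "/dev/pts/%u", n);
    if ((pid = fork()) == 0)
        child(name);                      /* never returns */
    if (pid > 0 && waitpid(pid, &status, 0) == pid && WIFEXITED(status))
        rc = WEXITSTATUS(status);
    close(master);                        /* master stays open until child is done */
    return rc;
}

int main(void) { return spawn_with_control_tty() == 0 ? 0 : 1; }
```

A non-zero exit status from the child identifies the step that failed, which is the kind of diagnostic a pty-spawning program wants before it execs a shell.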