Xref: utzoo comp.unix.wizards:25280 alt.security:2380 Path: utzoo!utgpu!news-server.csri.toronto.edu!rpi!zaphod.mps.ohio-state.edu!samsung!uunet!pcserver2!genesis!kdenning From: kdenning@genesis.Naitc.Com (Karl Denninger) Newsgroups: comp.unix.wizards,alt.security Subject: Re: BSD tty security, part 4: What You Can Look Forward To Summary: Open with O_EXCL? Message-ID: <1991May1.045140.24102@pcserver2.naitc.com> Date: 1 May 91 04:51:40 GMT References: <3600: Apr2614:04:4391@kramden.acf.nyu.edu> <1991Apr30.224740.17040@pcserver2.naitc.com> <1991Apr30.231235.7874@mp.cs.niu.edu> Sender: usenet@pcserver2.naitc.com (News Poster for NNTP) Organization: AC Nielsen Co., Bannockburn IL Lines: 30 Nntp-Posting-Host: genesis.naitc.com In article <1991Apr30.231235.7874@mp.cs.niu.edu> rickert@mp.cs.niu.edu (Neil Rickert) writes: >In article <1991Apr30.224740.17040@pcserver2.naitc.com> kdenning@pcserver2.naitc.com (Karl Denninger) writes: >> >>The most obvious attempts, taking over "unused" ptys slave ends, result in >>the system skipping them when assignment time comes around. This prevents >> >>The RS/6000 dynamically creates ptys, and thus doesn't suffer from the >>problem at all. > > And what exactly is there to stop somebody running a daemon which grabs >access to a pty immediately after it has been assigned, or immediately >after it has been dynamically created, but before public write access has >been turned off. Well, one could open it with O_EXCL turned on. One and only ONE process can get to that pty until it releases the exclusive flag. The process can do that well after it's turned off public write access. Heck, leave it set exclusive. Most things that have to open a terminal again would use /dev/tty, which shouldn't get in trouble with this scheme. If that is implemented for ptys, that should fit the requirement nicely. -- Karl Denninger - AC Nielsen, Bannockburn IL (708) 317-3285 kdenning@nis.naitc.com "The most dangerous command on any computer is the carriage return." Disclaimer: The opinions here are solely mine and may or may not reflect those of the company.