Xref: utzoo alt.security:2509 alt.sources.d:1808 comp.unix.internals:2751
Path: utzoo!utgpu!news-server.csri.toronto.edu!rpi!zaphod.mps.ohio-state.edu!swrinde!cs.utexas.edu!sun-barr!olivea!mintaka!ai-lab!geech.gnu.ai.mit.edu!fidelio
From: fidelio@geech.gnu.ai.mit.edu (Rob J. Nauta)
Newsgroups: alt.security,alt.sources.d,comp.unix.internals
Subject: Re: BSD tty security - an example
Message-ID: <15761@life.ai.mit.edu>
Date: 10 May 91 14:37:28 GMT
References: <15678@life.ai.mit.edu> <1991May9.182941.16988@cbnewsl.att.com>
Sender: news@ai.mit.edu
Distribution: na
Organization: The TimeWasters
Lines: 37

In article <1991May9.182941.16988@cbnewsl.att.com> urban@cbnewsl.att.com (john.urban) writes:
->In article <15678@life.ai.mit.edu> fidelio@geech.gnu.ai.mit.edu (Rob J. Nauta) writes:
->>Here's a small program I wrote a while back. It speaks for itself,
->>compile it, run it in the background (with &) and sit back.
->>This program is an official release of the TimeWasters from HOLLAND !
->>
->This program does not exhibit the problem on AT&T UNIX System V/386 Release 4.0
->Version 2.[01]. The fopen of "/dev/tty" fails because the setsid() passed
->successfully.
->
->In this small program:
->	# cat T.c
->	main()
->	{
->		setsid();
->		fopen("/dev/tty", "r");
->	}
->	# make T
->	cc -O T.c -o T
->	# truss ./T
->
->	You'll see the fopen fails w/ ENXIO.  If the setsid() is removed, then the
->fopen passes fine.
->
->
->Sincerely,
->
->John Ben Urban

The trick is, that you do a setsid() to abandon your tty, open
another to claim that as your controlling tty. If you are on
ttyp0, you run cover /dev/ttyp1 &, the open of /dev/tty really opens
/dev/ttyp1. Naturally, if you remove the setsid, the open of
/dev/tty succeeds, but it will be an open on /dev/ttyp0, and
that isn't very useful here.

Rob