Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Posting-Version: version B 2.10.2 9/18/84; site brl-tgr.ARPA
Path: utzoo!watmath!clyde!bonnie!akgua!mcnc!decvax!wanginst!ucadmus!harvard!seismo!brl-tgr!tgr!lcc.gm@UCLA-LOCUS.ARPA
From: Greg McGary
Newsgroups: net.unix-wizards
Subject: Bug in setting t_pgrp?
Message-ID: <8289@brl-tgr.ARPA>
Date: Tue, 12-Feb-85 19:38:42 EST
Article-I.D.: brl-tgr.8289
Posted: Tue Feb 12 19:38:42 1985
Date-Received: Sat, 16-Feb-85 05:53:42 EST
Sender: news@brl-tgr.ARPA
Organization: Ballistic Research Lab
Lines: 39

In the 4.xBSD tty driver:

The line-discipline open sets `t_pgrp' to the pid of the process doing
the open only if `t_pgrp' was previously zero. The line-discipline close
is the only place `t_pgrp' is zeroed. It is called out of the device close
which gets called only on the final close of the tty device.

With the job-control csh, background process(es) are normally allowed
to continue running when a person logs out. With non-job shells, it is
possible for bg processes to continue running after logout via nohup(1).
The bg process(es) may have inherited the open tty from the shell, so
when the shell exits and closes the tty, this is not a final close. Thus
no device close, thus no line-discipline close, thus `t_pgrp' retains the
pgrp of the dead shell.

The next person who logs in on that terminal will have their shell and
controlling-tty placed in the pgrp of that dead shell. Somewhere down the
line, the pid of the dead shell will be reused. If the process that reuses
this pid happens to be a pgrp leader, and that `next person' mentioned
above is still logged in, they can literally have their signals crossed.

Granted, chances are pretty slim that this precise set of circumstances
will arise. The thing I'm really puzzled about is the tty open code that
allows the non-zero `t_pgrp' to live on.
All of the code that messes with controlling-tty linkages sits inside an
if-statement that is supposed to determine if the process doing the open
is a child of init(8). It seems to me that being a child of init is enough
qualification for claiming the tty as the control terminal. It seems
clearly *wrong* to perpetrate the pgrp of a probably dead process.

Does anyone know why the test for a zero `t_pgrp' is in the tty
line-discipline open code?

Greg McGary
Locus Computing Corporation
lcc!gm@ucla-cs
{ucivax,trwb}!lcc!gm
{ihnp4,randvax,sdcrdcf,ucbvax,trwspp}!ucla-cs!lcc!gm
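
The sequence described in the post, replayed as a small C model. This is an added example, not part of the original post and not 4.xBSD source: `tty_model`, `ld_open`, `dev_close` and the `claim_always` switch are hypothetical names, and inherited descriptors are reduced to a reference count.

```c
#include <stdio.h>

/* Simplified model of the tty state in the post; all names are hypothetical. */
struct tty_model {
    int t_pgrp;  /* process group that receives tty-generated signals */
    int opens;   /* open references, including inherited descriptors */
};

/* Line-discipline open: t_pgrp is set only if it was previously zero.
 * claim_always models the alternative the post argues for (an assumption):
 * the opener always claims the tty. */
static void ld_open(struct tty_model *tp, int pid, int claim_always)
{
    tp->opens++;
    if (claim_always || tp->t_pgrp == 0)
        tp->t_pgrp = pid;
}

/* Only the final close reaches the line-discipline close that zeroes t_pgrp. */
static void dev_close(struct tty_model *tp)
{
    if (--tp->opens == 0)
        tp->t_pgrp = 0;
}

/* Replay logout then login; return the t_pgrp the next login shell ends up in. */
static int pgrp_after_relogin(int old_shell, int new_shell, int bg_jobs, int claim_always)
{
    struct tty_model tty = {0, 0};

    ld_open(&tty, old_shell, claim_always); /* first login shell opens the tty */
    tty.opens += bg_jobs;                   /* bg jobs inherit the open tty */
    dev_close(&tty);                        /* shell exits: final close only if no bg jobs */
    ld_open(&tty, new_shell, claim_always); /* next person logs in */
    return tty.t_pgrp;
}

/* Signals are crossed when the tty still names a pgrp other than the new
 * shell's, and that stale pid has been reused by a new pgrp leader. */
static int signals_crossed(int tty_pgrp, int new_shell, int reused_leader_pid)
{
    return tty_pgrp != new_shell && tty_pgrp == reused_leader_pid;
}

int main(void)
{
    printf("bg job left behind: t_pgrp=%d\n", pgrp_after_relogin(100, 200, 1, 0));
    printf("clean logout:       t_pgrp=%d\n", pgrp_after_relogin(100, 200, 0, 0));
    printf("always claim:       t_pgrp=%d\n", pgrp_after_relogin(100, 200, 1, 1));
    return 0;
}
```
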