Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) File archive & mirrors How to verify digital signatures OVE IDs What's new

Message-ID: <20141101214503.GK22465@brightrain.aerifal.cx>
Date: Sat, 1 Nov 2014 17:45:03 -0400
From: Rich Felker <dalias@...c.org>
To: musl@...ts.openwall.com
Subject: Re: Add login_tty

On Sat, Nov 01, 2014 at 10:15:23PM +0100, Felix Janda wrote:
> > But in this case they're not correct:
> > 
> > >  int forkpty(int *m, char *name, const struct termios *tio, const struct winsize *ws)
> > >  {
> > > -	int s, t, i, istmp[3]={0};
> > > +	int s;
> > >  	pid_t pid;
> > >  
> > >  	if (openpty(m, &s, name, tio, ws) < 0) return -1;
> > >  
> > > -	/* Ensure before forking that we don't exceed fd limit */
> > > -	for (i=0; i<3; i++) {
> > > -		if (fcntl(i, F_GETFL) < 0) {
> > > -			t = fcntl(s, F_DUPFD, i);
> > > -			if (t<0) break;
> > > -			else if (t!=i) close(t);
> > > -			else istmp[i] = 1;
> > > -		}
> > > -	}
> > 
> > This loop is checking whether fd 0/1/2 are already open in the parent,
> > and if not, temporarily allocating them prior to fork to detect an
> > error before fork, since we can't handle errors after fork. The idea
> > is that dup2 might fail when dup'ing onto an unallocated fd, but
> > should never fail when atomically replacing an existing one. I'm not
> > 100% sure this is correct -- the kernel might deallocate some resource
> > then reallocate, rather than using in-place, in which case there would
> > be a resource exhaustion leak -- but that's at least the intent of the
> > code.
> 
> I still don't understand how dup2 can fail when fd 0/1/2 are not open in
> the parent. AFAIU, limits on the number of open fds are imposed by an
> upper bound on the value of any fd. For the dup2 calls we know that the
> newfds are certainly within the limits.

Indeed, looking at the kernel code, I don't see any error paths where
this operation could fail. I had figured some allocations might be
needed to represent the new fd in the fd table, but it seems not. So
the current code is probably unnecessary.

> > > +int login_tty(int fd)
> > > +{
> > > +	setsid();
> > > +	if (ioctl(fd, TIOCSCTTY, (char *)0)) return -1;
> > > +	dup2(fd, 0);
> > > +	dup2(fd, 1);
> > > +	dup2(fd, 2);
> > > +	if (fd>2) close(fd);
> > > +	return 0;
> > > +}
> > 
> > Is login_tty supposed to close the fd passed to it?
> 
> The man page says so.

OK. Surprising, but whatever. :)

In that case maybe your patch is okay as-is, aside from needing to be
factored into two changes -- one for removing useless code and the
other for separating-out login_tty.

Rich

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.