Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Date: Fri, 30 Jan 2015 22:29:53 -0500
From: Rich Felker <dalias@...c.org>
To: musl@...ts.openwall.com
Subject: isatty false positives and device state clobbering

As can be seen by strace, the TCGETS ioctl used by
isatty/fdopen/__stdout_write to determine whether a file descriptor is
a terminal is aliased by the SNDCTL_TMR_TIMEBASE ioctl for OSS sound
devices. This is an utterly stupid legacy mistake, but it means the
ioctl could spuriously succeed and change the state (time base) of a
midi sequencer device when it's intended just to query whether the
device is a terminal.

Even though it's unlikely to arise in practice, I'd like to find a
clean solution to the problem. I see two general approaches:

1. Use fstat first and blacklist the sound device major before using
   the ioctl, or even hard-code a list of tty majors and determine
   positive tty status by device number.

2. Find an ioctl that doesn't clash with OSS (or anything else, but
   OSS is the only driver I know with this bogus ioctl space collision
   with ttys) and that doesn't change the tty state, and use that
   instead.

I strongly prefer strategy 2; hard-coding device numbers seems really
backwards and precludes portability of source/binaries to platforms
that provide identical names and userspace API/ABI but different
device numbering.

OSS seems to use the range 0x5401 to 0x5408, so some possible
candidates for strategy 2 seem to be:

#define TIOCGPGRP       0x540F
#define TIOCOUTQ        0x5411
#define TIOCGWINSZ      0x5413
#define FIONREAD        0x541B

Perhaps TIOCGPGRP is best if it works for ttys that aren't the
controlling tty for a process group, since it corresponds to a
standard POSIX feature and would need to be present on any system
where the tcgetpgrp() is implemented via ioctl. The others are
nonstandard but widely supported extensions for querying terminal
buffer state and window size.

It's also worth checking whether these are defined differently on any
particular archs (e.g. mips, uhg) and whether the definitions there
might clash with OSS ioctl numbers, in which case selecting a
different one would be preferable.

Rich

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.