Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Date: Fri, 30 Jan 2015 23:01:21 -0500
From: Rich Felker <dalias@...c.org>
To: musl@...ts.openwall.com
Subject: Re: isatty false positives and device state clobbering

On Fri, Jan 30, 2015 at 10:29:53PM -0500, Rich Felker wrote:
> OSS seems to use the range 0x5401 to 0x5408, so some possible
> candidates for strategy 2 seem to be:
> 
> #define TIOCGPGRP       0x540F
> #define TIOCOUTQ        0x5411
> #define TIOCGWINSZ      0x5413
> #define FIONREAD        0x541B
> 
> Perhaps TIOCGPGRP is best if it works for ttys that aren't the
> controlling tty for a process group, since it corresponds to a
> standard POSIX feature and would need to be present on any system
> where the tcgetpgrp() is implemented via ioctl. The others are
> nonstandard but widely supported extensions for querying terminal
> buffer state and window size.
> 
> It's also worth checking whether these are defined differently on any
> particular archs (e.g. mips, uhg) and whether the definitions there
> might clash with OSS ioctl numbers, in which case selecting a
> different one would be preferable.

I think TIOCGPGRP looks safe against clashes:

$ grep TIOCGPGRP arch/*/bits/ioctl.h
arch/arm/bits/ioctl.h:#define TIOCGPGRP 0x540F
arch/i386/bits/ioctl.h:#define TIOCGPGRP        0x540F
arch/microblaze/bits/ioctl.h:#define TIOCGPGRP  0x540F
arch/mips/bits/ioctl.h:#define TIOCGPGRP        _IOR('t', 119, int)
arch/or1k/bits/ioctl.h:#define TIOCGPGRP        0x540F
arch/powerpc/bits/ioctl.h:#define TIOCGPGRP     _IOR('t', 119, int)
arch/sh/bits/ioctl.h:#define TIOCGPGRP           _IOR('t', 119, int)
arch/x32/bits/ioctl.h:#define TIOCGPGRP 0x540F
arch/x86_64/bits/ioctl.h:#define TIOCGPGRP      0x540F

Unfortunately, per POSIX:

    The tcgetpgrp() function shall fail if:

    [ENOTTY]
    The calling process does not have a controlling terminal, or the
    file is not the controlling terminal.

Whether it actually does or not, this function (and the underlying
ioctl, if it's implemented as an ioctl) is supposed to return ENOTTY
when the caller does not have a controlling terminal. So it doesn't
seem like it can provide the functionality we need.

Fortunately, TIOCGWINSZ, FIONREAD, and TIOCOUTQ also _seem_ to avoid
clashes (although mips has some wacky numbering for them that would
probably warrant further checks -- use of 'F' and 't' ioctl classes
instead of 'T') so it's probably a matter of checking that these are
supported on other systems we might care about (BSD Linux emulation?)
and picking one.

Rich

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.