Date:      Tue, 13 Feb 2001 10:37:35 -0500 (EST)
From:      Robert Watson <rwatson@freebsd.org>
To:        Lists Account <lists@security.za.net>
Cc:        hackers@freebsd.org
Subject:   Re: Jail Pseudo Terminals 
Message-ID:  <Pine.NEB.3.96L.1010213103208.5215A-100000@fledge.watson.org>
In-Reply-To: <Pine.BSF.4.21.0102130708170.31659-100000@security.za.net>


Generally speaking, applications expect terminal names to use the
following pattern: tty followed by two characters:

Possible first character: pqrsPQRS
Possible second character: 0123456789abcdefghijklmnopqrstuv

Normally the selection and allocation of a pty is done transparently to
the application using the openpty() call.  The names you've provided don't
fit that pattern, although as long as an application finds them, they work
fine.  This suggests that ssh is not using openpty(), or that something
else is going on here.  In any case, the supported way to create pty
device nodes is:

sh MAKEDEV pty0		# first 32 ptys
sh MAKEDEV pty1		# second 32 ptys
sh MAKEDEV pty2		# third 32 ptys

Up to a possible pty7, offering a maximum of 256 pty's.  It's possible to
get a FreeBSD box to do more than that, but you'll need to tweak the
kernel, as well as libutil and rebuild appropriate applications.  It's
possible someone has removed the 256 bound in -CURRENT, although I don't
believe they have (haven't checked lately though).  So my advice would be
to start again by blowing away the ttyp*/pty* in your jail dev directory,
and using the MAKEDEV script to create pty0-pty2 and see if that works
better.  One of the really nice things about -CURRENT is that we now use
devfs by default (don't try this in -STABLE), although I'm not sure how
adapted devfs is for jail() right now.

Robert N M Watson             FreeBSD Core Team, TrustedBSD Project
robert@fledge.watson.org      NAI Labs, Safeport Network Services

On Tue, 13 Feb 2001, Lists Account wrote:

> Hi,
> 
> Ok this is getting a bit strange.  Interestingly enough ssh works 100%
> with my method of tty creation, having created (from outside the
> jail) ttyp32 - ttyp100 (with the minor/major numbers set as 5,XX where XX
> is ttypXX), and a mknod type of c, ssh allocates ttys fine, however screen
> still tells me there are no ttys available?
> 
> Any ideas?
> 
> Andrew
> 
> On Mon, 12 Feb 2001, Robert Watson wrote:
> 
> > 
> > On Mon, 12 Feb 2001, Lists Account wrote:
> > 
> > > Just a quick question I'm hoping someone can help me with.  I extended
> > > the number of pty's available on my base box just fine, with an edit to
> > > /etc/ttys and making some new devices, then just a kill -1 1, and
> > > everything worked fine. 
> > > 
> > > I did exactly the same thing under the jail, it didn't work, rebooted the
> > > box and it still didn't work, does anyone know how to extend the number
> > > of pty's under a jail?  Any help would be MUCH appreciated
> > 
> > Hmm.  What do you mean by, ``I did exactly the same thing under the jail''
> > -- the mknod() syscall for device nodes is unavailable under jail() so as
> > to prevent the creation of inappropriate devices that might allow the
> > attacker to circumvent the jail() protections.  So there are two things
> > you could have done: (1) used MAKEDEV under jail(), and either it didn't
> > generate appropriate error messages, or you missed them, and you should be
> > running the MAKEDEV in the per-jail /dev directory, but not from within
> > the jail(), or (2) you ran MAKEDEV outside the jail, and something else is
> > broken.  My first guess would be that you did (1), and running MAKEDEV
> > outside of a jail() process but in the jail() /dev will fix things. 
> > 
> > Also, generally speaking, pty's are not managed by init, rather, they are
> > dynamically allocated using openpty(), so you shouldn't need to HUP init,
> > or even modify /etc/ttys.  In fact, from within a jail(), you should be
> > unable to successfully HUP the pid 1 init process. 
> > 
> > Robert N M Watson             FreeBSD Core Team, TrustedBSD Project
> > robert@fledge.watson.org      NAI Labs, Safeport Network Services
> > 
> > 
> > 
> 
> 
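The naming rule Robert gives above (tty plus one character from pqrsPQRS plus one from 0123456789abcdefghijklmnopqrstuv, 32 nodes per MAKEDEV group, 256 in all) is the reason hand-made nodes such as ttyp32 or ttyp100 are never found by pattern-based allocation even though a program that is handed the path directly can open them. The script below is an added example, not code from the thread or from FreeBSD: run from the host against a listing of a jail's /dev, it reports which terminal nodes follow the expected pattern, which ones do not, and which MAKEDEV groups are only partially populated. It assumes that each MAKEDEV group pty0..pty7 corresponds to the N-th first character in the order listed in the mail, and that the master nodes carry the prefix pty alongside the tty slaves; the sample listing is constructed from the names mentioned in the thread.

```python
"""Audit terminal device node names in a jail's /dev against the
conventional pty naming pattern (added example, not FreeBSD code)."""
import re
from typing import Dict, List, Optional

# Pattern from the mail: prefix followed by two characters.
FIRST = "pqrsPQRS"
SECOND = "0123456789abcdefghijklmnopqrstuv"
# Assumption: the master node (pty*) exists alongside each slave (tty*).
PREFIXES = ("tty", "pty")

NAME_RE = re.compile(rf"^(tty|pty)([{FIRST}])([{SECOND}])$")


def makedev_group(name: str) -> Optional[str]:
    """Return the MAKEDEV group ('pty0'..'pty7') that would create this
    node, or None if the name does not follow the conventional pattern.
    Assumption: group N covers the N-th character of FIRST (32 pairs each)."""
    m = NAME_RE.match(name)
    if not m:
        return None
    return f"pty{FIRST.index(m.group(2))}"


def expected_names() -> List[str]:
    """All conventionally named nodes: 8 groups x 32 names x (tty, pty)."""
    return [f"{p}{a}{b}" for a in FIRST for b in SECOND for p in PREFIXES]


def audit_dev_listing(listing: List[str]) -> Dict[str, object]:
    """Classify a /dev listing.  Entries not starting with tty/pty (console,
    null, ...) are ignored.  Returns the conforming names, the names that
    look like terminals but will never be picked by pattern-based
    allocation, and the MAKEDEV groups that are complete or partial."""
    conforming, odd = set(), set()
    for name in listing:
        if not name.startswith(PREFIXES):
            continue
        if makedev_group(name):
            conforming.add(name)
        else:
            odd.add(name)

    group_size = len(SECOND) * len(PREFIXES)  # 64 nodes per MAKEDEV group
    per_group: Dict[str, int] = {f"pty{i}": 0 for i in range(len(FIRST))}
    for name in conforming:
        per_group[makedev_group(name)] += 1

    return {
        "conforming": sorted(conforming),
        "nonconforming": sorted(odd),
        "complete_groups": sorted(g for g, n in per_group.items() if n == group_size),
        "partial_groups": {g: n for g, n in per_group.items() if 0 < n < group_size},
    }


# Constructed sample listing: a full pty0 group, a pty1 group someone
# started by hand, and the out-of-pattern names from the thread.
SAMPLE_DEV = (
    ["console", "null", "zero"]
    + [f"{p}p{b}" for b in SECOND for p in PREFIXES]
    + ["ttyq0", "ptyq0"]
    + ["ttyp32", "ttyp33", "ttyp100"]
)

if __name__ == "__main__":
    result = audit_dev_listing(SAMPLE_DEV)
    print("complete MAKEDEV groups:", result["complete_groups"])
    print("partial MAKEDEV groups:", result["partial_groups"])
    print("names openpty()-style allocation will not find:", result["nonconforming"])
```

On a real host the listing would come from `os.listdir()` of the jail's dev directory, run from outside the jail as the mail recommends; a non-empty `nonconforming` list or a `partial_groups` entry is the cue to remove the stray nodes and recreate the group with MAKEDEV.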


