Date: Wed, 09 Feb 2022 13:22:13 +0100
From: Alexander Leidinger
To: Michael Gmelin
Cc: hackers@freebsd.org
Subject: Re: Behavior of /dev/pts in a jail?
Message-ID: <20220209132213.Horde.hjhX_GoM3qNT-7ucnNXd-ae@webmail.leidinger.net>
In-Reply-To: <77267259-0758-4C04-867D-77A896D133E4@freebsd.org>
List-Id: Technical discussions relating to FreeBSD
List-Archive: https://lists.freebsd.org/archives/freebsd-hackers

Quoting Michael Gmelin (from Wed, 9 Feb 2022 12:56:49 +0100):

> I was able to reproduce the issue locally.
>
> The problem is caused by jexec inheriting the pty from the jail host.
>
> If you use a pty that was created inside of the jail,
> gpg-agent/pinentry works as expected.
>
> This can be accomplished, e.g., by running tmux inside of the jail:
>
> jexec gpgtest
> pkg install tmux
> tmux
> gpg --gen-key
>
> Running sshd inside of the jail and connecting to it using ssh has
> the same effect.

I confirm (with ssh instead of jexec) the behavior.

What I don't understand is how this works. ls is not built-in to the shell. So how can it be that the jexec-ed shell can fork ls and it sees the content of /dev/pts/, and the ls forked from gpg->gpg-agent->pinentry-wrapper can't?

And how could we fix this (or why wouldn't we want to fix it)?

Bye,
Alexander.

-- 
http://www.Leidinger.net Alexander@Leidinger.net: PGP 0x8F31830F9F2772BF
http://www.FreeBSD.org netchild@FreeBSD.org : PGP 0x8F31830F9F2772BF