From owner-freebsd-current  Thu Apr 25 04:13:59 1996
Return-Path: owner-current
Received: (from root@localhost)
          by freefall.freebsd.org (8.7.3/8.7.3) id EAA02332
          for current-outgoing; Thu, 25 Apr 1996 04:13:59 -0700 (PDT)
Received: from robin.mcnc.org.mcnc.org (robin.mcnc.org [128.109.130.29])
          by freefall.freebsd.org (8.7.3/8.7.3) with SMTP id EAA02326
          Thu, 25 Apr 1996 04:13:56 -0700 (PDT)
Received: by robin.mcnc.org.mcnc.org (8.6.9/MCNC/8-10-92)
	id HAA02980; Thu, 25 Apr 1996 07:13:55 -0400
	for 
Date: Thu, 25 Apr 1996 07:13:55 -0400
From: "Frank E. Terhaar-Yonkers" <fty@mcnc.org>
Message-Id: <199604251113.HAA02980@robin.mcnc.org.mcnc.org>
To: bde@zeta.org.au, sos@FreeBSD.org
Subject: Re: minor syscons bogon
Cc: current@FreeBSD.org, freebsd-current@FreeBSD.org
X-Face: ,fjtWiMPydUaSQl%8[eTg`u:^BXt&T)Sny(6w\*U"5D9H[Z$kG%Q/z;Z=NwrPiXf-aMF3R)
 Rsand$,]26-8>5@HD(A3A79gN|0%NHsdek4mT8E,>j+\w!~d2#nH;~NV!5a0"`5$Cj8d\or(Jy/JQ_
 |uc;C[filmZ(~#lre*l:<H96J/0-JCQ-nR>|O%d/PJFy`.5w8)sMZ-)QI3TaV"j'k
Sender: owner-current@FreeBSD.org
X-Loop: FreeBSD.org
Precedence: bulk

Does anything actually use this kludge?  Like, how would an application
even know that /dev/ttyv[MAXCONS] == /dev/console ?  This is very ugly.

- Frank

 >> >>       if (unit == MAXCONS)
 >> >>         return CONSOLE_TTY;
 >
 >Note that (unit == MAXCONS) case is handled 2 lines after the patched
 >line, and this handling is always a no-op if the patch is applied.  Thus
 >the patch is at best incomplete.
 >
 >There are certainly some bugs here.  If /dev/ttyvn exists for n =
 >MAXCONS, then /dev/ttyvn is more or less an alias for /dev/console.
 >This causes security holes if /dev/ttyvn has weaker ownership or
 >permissions than /dev/console.  Opening and closing /dev/ttyvn messes up
 >last-close stuff for /dev/console (e.g., last-closing /dev/ttyvn nukes
 >the console tty's pgrp and session pointers).
 >
 >The problem is easy to work around: don't create /dev/ttyvn for n =
 >MAXCONS.  I consider requiring this to be acceptable, although the bug
 >is in the kernel.  Root should be very careful about the ownerships,
 >permissions and existence of all devices.  There are many similar kernel
 >bugs, because many drivers don't fully decode the minor number.  E.g.,
 >the vn driver with slices disabled only decodes 5 unit bits, so there
 >are 2^27 aliases for each device, 13 of which are created by `sh MAKEDEV
 >vn0'.
 >
 >Bruce
 >

\\\\////\\\\////\\\\\////\\\\\////\\\\////\\\\////\\\\////\\\\////\\\\////\\\\
Frank Terhaar-Yonkers,  Manager
High Performance Computing and Communications Research
MCNC
PO Box 12889	3021 Cornwallis Road
Research Triangle Park,  North Carolina  27709-2889
fty@mcnc.org   voice (919)248-1417   FAX (919)248-1455

http://www.mcnc.org/hpcc.html