Date: Fri, 7 Jan 2011 11:53:06 +0100 From: Gary Jennejohn <gljennjohn@googlemail.com> To: Garrett Cooper <gcooper@FreeBSD.org> Cc: FreeBSD Current <freebsd-current@freebsd.org>, Ed Schouten <ed@freebsd.org>, Craig Leres <leres@ee.lbl.gov> Subject: Re: xterm -C and TIOCCONS vs. PRIV_TTY_CONSOLE Message-ID: <20110107115306.2bfd15d8@ernst.jennejohn.org> In-Reply-To: <AANLkTi=gHW=ShE_p=LPj-k1FC1e2-SpAWxyAsD=2MF7o@mail.gmail.com> References: <4D268557.2090704@ee.lbl.gov> <AANLkTinWu9-ZP_D0ShfvAtDpbuRPWa81hLb3hw=OQoxX@mail.gmail.com> <4D268B98.3080906@ee.lbl.gov> <AANLkTinEG7SJ80Ljrecg%2Bq_TOGy8bicKVUPZRRpzieV%2B@mail.gmail.com> <4D269B72.4040709@ee.lbl.gov> <AANLkTi=gHW=ShE_p=LPj-k1FC1e2-SpAWxyAsD=2MF7o@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Thu, 6 Jan 2011 21:09:05 -0800 Garrett Cooper <gcooper@FreeBSD.org> wrote: > On Thu, Jan 6, 2011 at 8:49 PM, Craig Leres <leres@ee.lbl.gov> wrote: > > On 01/06/11 20:05, Garrett Cooper wrote: > >> Just to make sure we're both on the same page: > >> > >> $ grep xterm /etc/ttys > >> ttyv0 "/usr/libexec/getty Pc" xterm on secure > >> ttyv1 "/usr/libexec/getty Pc" xterm on secure > >> ttyv2 "/usr/libexec/getty Pc" xterm on secure > >> ttyv3 "/usr/libexec/getty Pc" xterm on secure > >> ttyv4 "/usr/libexec/getty Pc" xterm on secure > >> ttyv5 "/usr/libexec/getty Pc" xterm on secure > >> ttyv6 "/usr/libexec/getty Pc" xterm on secure > >> ttyv7 "/usr/libexec/getty Pc" xterm on secure > >> ttyv8 "/usr/local/bin/xdm -nodaemon" xterm off secure > > > > No, that's not what mine looks like. I changed it to match and rebooted > > but it doesn't help with the TIOCCONS issue. > > > > When I run xinit, it starts up the xterm -C which does a TIOCCONS. The > > 8.1 kernel checks for PRIV_TTY_CONSOLE which isn't set and denies the > > request: > > > > case TIOCCONS: > > /* Set terminal as console TTY. */ > > if (*(int *)data) { > > error = priv_check(td, PRIV_TTY_CONSOLE); > > if (error) > > return (error); > > > > /* > > * XXX: constty should really need to be locked! > > * XXX: allow disconnected constty's to be stolen! > > */ > > > > if (constty == tp) > > return (0); > > if (constty != NULL) > > return (EBUSY); > > > > tty_unlock(tp); > > constty_set(tp); > > tty_lock(tp); > > } else if (constty == tp) { > > constty_clear(); > > } > > return (0); > > > > > > There's nothing I see in all of /usr/src that turns on PRIV_TTY_CONSOLE > > in any case. You could rewrite the above like this: > > > > case TIOCCONS: > > /* Set terminal as console TTY. */ > > if (*(int *)data) { > > return (EPERM) > > } else if (constty == tp) { > > constty_clear(); > > } > > return (0); > > > > and it won't change any behavior. > > Ok -- figured I would ask about the obvious. I wish I could help > you further right now, but unfortunately I have a lot on my plate. > I've CCed ed@ and the list again so that someone else might be able to > chime in and help you further. > I'd say there are a few factors which come into play here: 1) the setting of security.bsd.suser_enabled, default 1 2) kern_tty.c checking for a cred which is never set 3) whether xterm is setuid root a) suser_enabled is almost guaranteed to be 1 on OP's system since just about nothing works when it is set to 0 (tried that) b) the kernel checking for the cred PRIV_TTY_CONSOLE is probably a bug since it never gets set anywhere. However, this usually isn't noticed because c) xterm is generally setuid root and the logic in priv_check_cred() in kern_priv.c doesn't even look at what cred is set to, except for a few which can raise some limits, because cr_uid is 0 (super user) So, the crux of the matter is whether OP's xterm is setuid root. My xterm is and I can run 'xterm -C' without a problem. -- Gary Jennejohn
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20110107115306.2bfd15d8>