From: "Poul-Henning Kamp"
Sender: phk@critter.freebsd.dk
To: Jonathan Dama
Cc: Ed Schouten, freebsd-arch@freebsd.org
Subject: Re: [ed@fxq.nl: Request for PTY/devfs changes]
Date: Sat, 06 Jan 2007 19:48:29 +0000
Message-ID: <10319.1168112909@critter.freebsd.dk>
In-Reply-To: Your message of "Sat, 06 Jan 2007 11:14:01 PST." <20070106191401.GC8574@heave.ugcs.caltech.edu>
List-Id: Discussion related to FreeBSD architecture

In message <20070106191401.GC8574@heave.ugcs.caltech.edu>, Jonathan Dama writes:

>- Dev_clone event handlers cannot determine whether a LOOKUP or a CREATE
>  is performed. When you create a small script that performs a stat() on
>  /dev/ptyp0 to /dev/ptySv, you create a bunch of device nodes that
>  aren't bound to a real pty controller (which leads to ucred 'leaks').
>  Only invoking the event handler when a CREATE is performed simplifies
>  the entire pty design, because we could immediately construct the pty
>  structure. The pts code also suffers from this bug. A simple stat() on
>  /dev/ptmx causes a pts to be created.

The leak obviously is a bug.

But only calling the handler on CREATE will not work, because plenty
of programs will stat(2) first and find nothing there and complain
to the user.

It doesn't even work to send a "this is for a create" flag along for
the dev_clone, because another process might race in and do something
silly before we get to that level.

>- Both the pty and pts source contain some small checks to make sure you
>  can't open pty's from other jails. A downside of this approach is that
>  you can see all the system's pty's in /dev. This is thus a small
>  information leak. A nicer implementation that would even be more
>  generic would be to add a flag to cdevsw's d_flags called D_PRISONOWNED.

Send patch :-)

-- 
Poul-Henning Kamp       | UNIX since Zilog Zeus 3.20
phk@FreeBSD.ORG         | TCP/IP since RFC 956
FreeBSD committer       | BSD since 4.3-tahoe
Never attribute to malice what can adequately be explained by incompetence.
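
An added illustration, not code from this thread or from FreeBSD: a userland C model of the leak in the quoted report and of the constraint in the reply that stat(2) must still find the node. The deferred variant (credential held only at open) is an assumption that the thread does not propose, and it does not address the race the reply mentions. The struct and function names, and the two character sets assumed for the ptyp0 to ptySv range, are likewise assumptions.

```c
/* Userland model, constructed for illustration; not FreeBSD kernel code. */
#include <stdio.h>
#include <string.h>
static const char HI[] = "pqrsPQRS";                          /* 8 letters */
static const char LO[] = "0123456789abcdefghijklmnopqrstuv";  /* 32 digits */
struct node { int exists, cred_held; };
struct model { struct node n[256]; int cred_refs, eager; };

/* Map "ptyXY" to 0..255, or -1 if it is not a pty master name. */
int pty_index(const char *name) {
    if (strlen(name) != 5 || strncmp(name, "pty", 3) != 0) return -1;
    const char *a = strchr(HI, name[3]), *b = strchr(LO, name[4]);
    return (a && b) ? (int)(a - HI) * 32 + (int)(b - LO) : -1;
}

/* Clone handler: runs on every name lookup, so stat() reaches it too. */
int model_lookup(struct model *m, const char *name) {
    int i = pty_index(name);
    if (i >= 0 && !m->n[i].exists) {
        m->n[i].exists = 1;              /* node appears, so stat() succeeds */
        if (m->eager) { m->n[i].cred_held = 1; m->cred_refs++; }
    }
    return i;
}

/* open(): lookup, then hold the opener's credential if not already held. */
int model_open(struct model *m, const char *name) {
    int i = model_lookup(m, name);
    if (i >= 0 && !m->n[i].cred_held) { m->n[i].cred_held = 1; m->cred_refs++; }
    return i;
}

/* stat() every name once with no open(); return credential refs left held. */
int stat_sweep(int eager) {
    struct model m;
    char name[6];
    memset(&m, 0, sizeof m);
    m.eager = eager;
    for (int a = 0; a < 8; a++)
        for (int b = 0; b < 32; b++) {
            snprintf(name, sizeof name, "pty%c%c", HI[a], LO[b]);
            if (model_lookup(&m, name) < 0) return -1;
        }
    return m.cred_refs;
}

int main(void) {
    printf("eager=%d deferred=%d\n", stat_sweep(1), stat_sweep(0));
    return 0;
}
```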