Date: Sat, 20 Jan 2001 12:45:30 +0200
From: Peter Pentchev <roam@orbitel.bg>
To: Kris Kennaway <kris@FreeBSD.org>
Cc: audit@FreeBSD.org
Subject: Re: openpty(8) helper app
Message-ID: <20010120124530.A332@ringworld.oblivion.bg>
In-Reply-To: <20010120011948.A37806@citusc17.usc.edu>; from kris@FreeBSD.org on Sat, Jan 20, 2001 at 01:19:48AM -0800
References: <20010120011948.A37806@citusc17.usc.edu>

On Sat, Jan 20, 2001 at 01:19:48AM -0800, Kris Kennaway wrote:
> For a long time now I've been wanting to fix openpty(3) to work
> correctly for non-root users, i.e. to change the ownership and file
> permissions so that it is secure for non-root callers (presently it's
> a big security hole that ptys obtained will still be world
> readable/writable, so applications cannot use them securely).
>
> Then I discovered bin/9770, which is a solution to this problem which
> has existed for almost 2 years :-)
>
> Here's the patch - please review carefully:
>
> Kris
> [snip]
> diff -u -r1.10 pty.c > --- lib/libutil/pty.c 1999/08/28 00:05:51 1.10 > +++ lib/libutil/pty.c 2001/01/20 08:49:27 > @@ -43,16 +43,61 @@ > #include <sys/types.h> > #include <sys/ioctl.h> > #include <sys/stat.h> > +#include <sys/wait.h> > > #include <errno.h> > #include <fcntl.h> > #include <grp.h> > +#include <signal.h> > #include <stdlib.h> > #include <string.h> > #include <termios.h> > +#include <time.h> > #include <unistd.h> > #include <libutil.h> > > +#ifndef _PATH_TTYMODE > +#define _PATH_TTYMODE "/usr/libexec/ttymode" > +#define NAME_TTYMODE "ttymode" > +#endif

Shouldn't _PATH_TTYMODE be also defined in /usr/include/paths.h?

G'luck,
Peter

--
Nostalgia ain't what it used to be.

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-audit" in the body of the message
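
Review bot: NAME_TTYMODE is defined inside the same `#ifndef _PATH_TTYMODE` guard as the path, at the end of the quoted pty.c hunk, so if _PATH_TTYMODE is ever supplied by another header (paths.h, as asked above) the guard is skipped and NAME_TTYMODE is left undefined. Give NAME_TTYMODE its own `#ifndef` guard, or define it unconditionally next to the code that uses it. The hunk header announces 61 lines but the quote stops at the `#endif`, so how the helper is actually invoked with these two macros cannot be checked from what is shown here.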