From owner-freebsd-audit Sat Jan 20 2:48:15 2001 Delivered-To: freebsd-audit@freebsd.org Received: from ringworld.nanolink.com (ringworld.nanolink.com [195.24.48.189]) by hub.freebsd.org (Postfix) with SMTP id 2DA6937B400 for ; Sat, 20 Jan 2001 02:46:59 -0800 (PST) Received: (qmail 997 invoked by uid 1000); 20 Jan 2001 10:45:30 -0000 Date: Sat, 20 Jan 2001 12:45:30 +0200 From: Peter Pentchev To: Kris Kennaway Cc: audit@FreeBSD.org Subject: Re: openpty(8) helper app Message-ID: <20010120124530.A332@ringworld.oblivion.bg> Mail-Followup-To: Kris Kennaway , audit@FreeBSD.org References: <20010120011948.A37806@citusc17.usc.edu> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <20010120011948.A37806@citusc17.usc.edu>; from kris@FreeBSD.org on Sat, Jan 20, 2001 at 01:19:48AM -0800 Sender: owner-freebsd-audit@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG On Sat, Jan 20, 2001 at 01:19:48AM -0800, Kris Kennaway wrote: > For a long time now I've been wanting to fix openpty(3) to work > correctly for non-root users, i.e. to change the ownership and file > permissions so that it is secure for non-root callers (presently it's > a big security hole than ptys obtained will still be world > readable/writable, so applications cannot use them securely). > > Then I discovered bin/9770, which is a solution to this problem which > has existed for almost 2 years :-) > > Here's the patch - please review carefully: > > Kris > [snip] > diff -u -r1.10 pty.c > --- lib/libutil/pty.c 1999/08/28 00:05:51 1.10 > +++ lib/libutil/pty.c 2001/01/20 08:49:27 > @@ -43,16 +43,61 @@ > #include > #include > #include > +#include > > #include > #include > #include > +#include > #include > #include > #include > +#include > #include > #include > > +#ifndef _PATH_TTYMODE > +#define _PATH_TTYMODE "/usr/libexec/ttymode" > +#define NAME_TTYMODE "ttymode" > +#endif Shouldn't _PATH_TTYMODE be also defined in /usr/include/paths.h? G'luck, Peter -- Nostalgia ain't what it used to be. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-audit" in the body of the message