From owner-freebsd-standards  Mon Dec 23 14:18:22 2002
Delivered-To: freebsd-standards@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 173C137B401
	for <freebsd-standards@freebsd.org>; Mon, 23 Dec 2002 14:18:21 -0800 (PST)
Received: from ncsmtp03.ogw.rr.com (ncsmtp03.ogw.rr.com [24.93.67.84])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 69ADF43EEA
	for <freebsd-standards@freebsd.org>; Mon, 23 Dec 2002 14:18:20 -0800 (PST)
	(envelope-from ryany@pobox.com)
Received: from mail5.nc.rr.com (fe5 [24.93.67.52])
	by ncsmtp03.ogw.rr.com (8.12.5/8.12.2) with ESMTP id gBNMHfiZ014965
	for <freebsd-standards@freebsd.org>; Mon, 23 Dec 2002 17:17:41 -0500 (EST)
Received: from cheshire.mydomain.dom ([24.25.23.20]) by mail5.nc.rr.com  with Microsoft SMTPSVC(5.5.1877.757.75);
	 Mon, 23 Dec 2002 17:17:10 -0500
Content-Type: text/plain;
  charset="us-ascii"
From: Ryan Younce <ryany@pobox.com>
To: freebsd-standards@freebsd.org
Subject: grantpt(3)
Date: Mon, 23 Dec 2002 17:25:51 -0500
User-Agent: KMail/1.4.3
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Message-Id: <200212231725.51831.ryany@pobox.com>
Sender: owner-freebsd-standards@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-standards.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-standards>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-standards>
X-Loop: FreeBSD.ORG

I'm currently working on the POSIX pseudo-terminal functions, and I=20
wanted to get some opinions on grantpt() [IEEE p579].

POSIX states grantpt() is to change the ownership of the slave device=20
to the real user ID of the calling process, as well as setting access=20
modes of the slave to S_IRUSR | S_IWUSR | S_IWGRP.  There's obviously=20
going to be a problem if the calling process does not have superuser=20
privileges.

Solaris actually seems to allow this for any process by wrapping the=20
permission and ownership manipulation into a setuid program called by=20
the library.  This seems to be a rather undesirable approach.

If anybody could give page 579 a read through and indicate their=20
thoughts on it, I would greatly appreciate it.  Specifically, POSIX=20
says the function "shall" change the ownership and "shall" change the=20
permissions, but I'm wondering if it is allowed to fail if sufficient=20
privileges do not exist, and if this is the right approach, or should=20
grantpt(3) always succeed regardless of permissions.

POSIX does state the function "may" fail if the corresponding slave=20
could not be accessed, but this seems vague at best.

Thanks.

=09Ryan

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-standards" in the body of the message