Date: Wed, 8 Nov 2000 15:03:38 -0800 (PST) From: Nick Sayer <nsayer@quack.kfu.com> To: freebsd-hackers@freebsd.org Subject: KDE2, konsole_grantpty and FreeBSD Message-ID: <200011082303.eA8N3c193540@medusa.kfu.com>
next in thread | raw e-mail | index | archive | help
KDE2 uses a utility called "konsole_grantpty". This is an suid program. Its job is to chown the master side (/dev/pty??) of the pty pair for konsole, which is KDE's "xterm" sort of thing. By isolating this action in a child, konsole itself does not require suid. konsole_grantpty does its job by performing the actions called for on ttyname(3) (that is, it is passed a file descriptor on fd 3 of the device it needs to fiddle). The problem is that ttyname() fails on all /dev/pty?? devices. This is because the first thing ttyname does is perform a tcgetattr() to see if it's really a terminal or not. This fails. So something has to give. Either konsole_grantpty has to find some other way of turning a file descriptor into a /dev entry in a way that can't be exploited by someone else redirecting stuff into it, or ttyname() has to be made a bit more lax, or pty's have to look like tty's to ttyname(). Anyone have any ideas? To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200011082303.eA8N3c193540>