This is the mail archive of the
libc-alpha@sourceware.org
mailing list for the glibc project.
[PATCH 1/1] linux ttyname and ttyname_r: do not return wrong results
- From: "Serge E. Hallyn" <serge at hallyn dot com>
- To: Andreas Schwab <schwab at linux-m68k dot org>
- Cc: "Serge E. Hallyn" <serge at hallyn dot com>, Florian Weimer <fweimer at redhat dot com>, libc-alpha at sourceware dot org, Stéphane Graber <stgraber at ubuntu dot com>
- Date: Mon, 3 Oct 2016 09:05:32 -0500
- Subject: [PATCH 1/1] linux ttyname and ttyname_r: do not return wrong results
- Authentication-results: sourceware.org; auth=none
- References: <20160806020855.GA19897@mail.hallyn.com> <20160806084559.GS6702@vapier.lan> <20160806150002.GA24315@mail.hallyn.com> <20160809211841.GB2566@altlinux.org> <20160809213937.GA3392@mail.hallyn.com> <b4f86770-9dbe-99aa-ac84-d4c6cc753189@redhat.com> <20160810230351.GA20138@mail.hallyn.com> <20160810231818.GA20183@altlinux.org> <20161003061602.GA5257@mail.hallyn.com> <m2y425ki1b.fsf@linux-m68k.org>
If a link (say /proc/self/fd/0) pointint to a device, say /dev/pts/2, in
a parent mount namespace is passed to ttyname, and a /dev/pts/2 exists
(in a different devpts) in the current namespace, then it returns
/dev/pts/2. But /dev/pts/2 is NOT the current tty, it is a different
file and device.
Detect this case and return ENODEV. Userspace can choose to take this
as a hint that the fd points to a tty device but to act on the fd rather
than the link.
---
sysdeps/unix/sysv/linux/ttyname.c | 28 ++++++++++++++++++++++++----
sysdeps/unix/sysv/linux/ttyname_r.c | 29 +++++++++++++++++++++++++----
2 files changed, 49 insertions(+), 8 deletions(-)
diff --git a/sysdeps/unix/sysv/linux/ttyname.c b/sysdeps/unix/sysv/linux/ttyname.c
index 7a001b4..798f396 100644
--- a/sysdeps/unix/sysv/linux/ttyname.c
+++ b/sysdeps/unix/sysv/linux/ttyname.c
@@ -25,6 +25,7 @@
#include <unistd.h>
#include <string.h>
#include <stdlib.h>
+#include <sys/sysmacros.h>
#include <_itoa.h>
@@ -33,6 +34,19 @@
char *__ttyname;
#endif
+/* Return true if this is a UNIX98 pty device, as defined in
+ linux/Documentation/devices.txt. */
+static int
+is_pty (struct stat64 *sb)
+{
+#ifdef _STATBUF_ST_RDEV
+ int m = major (sb->st_rdev);
+ return (136 <= m && m <= 143);
+#else
+ return false;
+#endif
+}
+
static char *getttyname (const char *dev, dev_t mydev,
ino64_t myino, int save, int *dostat)
internal_function;
@@ -170,12 +184,18 @@ ttyname (int fd)
#ifdef _STATBUF_ST_RDEV
&& S_ISCHR (st1.st_mode)
&& st1.st_rdev == st.st_rdev
-#else
- && st1.st_ino == st.st_ino
- && st1.st_dev == st.st_dev
#endif
- )
+ && st1.st_ino == st.st_ino
+ && st1.st_dev == st.st_dev)
return ttyname_buf;
+
+ /* If the link doesn't exist, then it points to a device in another
+ namespace. */
+ if (is_pty (&st))
+ {
+ __set_errno (ENODEV);
+ return NULL;
+ }
}
if (__xstat64 (_STAT_VER, "/dev/pts", &st1) == 0 && S_ISDIR (st1.st_mode))
diff --git a/sysdeps/unix/sysv/linux/ttyname_r.c b/sysdeps/unix/sysv/linux/ttyname_r.c
index d15bc74..2573729 100644
--- a/sysdeps/unix/sysv/linux/ttyname_r.c
+++ b/sysdeps/unix/sysv/linux/ttyname_r.c
@@ -25,6 +25,7 @@
#include <unistd.h>
#include <string.h>
#include <stdlib.h>
+#include <sys/sysmacros.h>
#include <_itoa.h>
@@ -32,6 +33,19 @@ static int getttyname_r (char *buf, size_t buflen,
dev_t mydev, ino64_t myino, int save,
int *dostat) internal_function;
+/* Return true if this is a UNIX98 pty device, as defined in
+ linux/Documentation/devices.txt. */
+static int
+is_pty (struct stat64 *sb)
+{
+#ifdef _STATBUF_ST_RDEV
+ int m = major (sb->st_rdev);
+ return (136 <= m && m <= 143);
+#else
+ return false;
+#endif
+}
+
static int
internal_function attribute_compat_text_section
getttyname_r (char *buf, size_t buflen, dev_t mydev, ino64_t myino,
@@ -152,12 +166,19 @@ __ttyname_r (int fd, char *buf, size_t buflen)
#ifdef _STATBUF_ST_RDEV
&& S_ISCHR (st1.st_mode)
&& st1.st_rdev == st.st_rdev
-#else
- && st1.st_ino == st.st_ino
- && st1.st_dev == st.st_dev
#endif
- )
+ && st1.st_ino == st.st_ino
+ && st1.st_dev == st.st_dev)
return 0;
+
+ /* If the link doesn't exist, then it points to a device in another
+ namespace. If it is a UNIX98 pty, then return the /proc/self
+ fd, as it points to a name unreachable in our namespace. */
+ if (is_pty (&st))
+ {
+ __set_errno (ENODEV);
+ return ENODEV;
+ }
}
/* Prepare the result buffer. */
--
2.7.4