From rk@merlin.rz.tu-clausthal.de  Thu Jan 28 19:15:23 1999
Received: from merlin.rz.tu-clausthal.de (merlin.rz.tu-clausthal.de [139.174.1.23])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id TAA07557
          for <FreeBSD-gnats-submit@freebsd.org>; Thu, 28 Jan 1999 19:15:22 -0800 (PST)
          (envelope-from rk@merlin.rz.tu-clausthal.de)
Received: (from rk@localhost) 
	by merlin.rz.tu-clausthal.de (8.9.2/8.9.1)
	id EAA38998;
	Fri, 29 Jan 1999 04:15:19 +0100 (CET)
Message-Id: <199901290315.EAA38998@merlin.rz.tu-clausthal.de>
Date: Fri, 29 Jan 1999 04:15:19 +0100 (CET)
From: Ronald Kuehn <kuehn@rz.tu-clausthal.de>
Reply-To: kuehn@rz.tu-clausthal.de
To: FreeBSD-gnats-submit@freebsd.org
Subject: An openpty(3) auxiliary program
X-Send-Pr-Version: 3.2

>Number:         9770
>Category:       bin
>Synopsis:       [patch] An openpty(3) auxiliary program
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    jhb
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          change-request
>Submitter-Id:   current-users
>Arrival-Date:   Thu Jan 28 19:20:01 PST 1999
>Closed-Date:    Mon Jan 14 23:51:39 UTC 2008
>Last-Modified:  Tue Jan 15 00:00:06 UTC 2008
>Originator:     Ronald Kuehn
>Release:        FreeBSD 3.0-STABLE i386
>Organization:
TU Clausthal, Computing Center
>Environment:

Patches are for 4.0-CURRENT sources as of about Jan 24 1999.

>Description:

This  is  a   simple  implementation  of  an   auxiliary  program  for
openpty(3). It sets  the owner, group and mode of  pseudo terminals if
the caller  of openpty(3) is not  the super-user. It is  modeled after
similar  programs found  in  Solaris or  Digital  Unix. The  contained
program  "/usr/libexec/ttymode" should  be installed  setuid root.  If
someone really  wants to commit  it, it should be  carefully reviewed.
With  these modifications,  it  should be  possible  for programs  not
running with effective  userid of the super-user to  securely obtain a
pseudo terminal.


>How-To-Repeat:

openpty(3) currently  tries to change  the owner of an  obtained slave
pseudo terminal  to the  owner of  the calling  process, the  group to
"tty" (if available)  and the mode to 0620. This  obviously only works
if the caller is running under effective userid of the super-user.

>Fix:

The  files "libutil.diff"  and "libexec.diff"  contain the  patches to
src/lib/libutil and src/libexec/Makefile.

begin 644 ttymode-changes.tar.gz
M'XL("/0AL38"`W1T>6UO9&4M8VAA;F=E<RYT87(`[3II=]M&DOY*_(J*9IY#
M2B`)\)(LC1)3)"1A0Y%:`(SLY_AI(*!)X@D$.#ATO+'_^U9U`[PD.]D-I>SN
M8\<1@3[J[*ZN`TGR.`U=5G8F=C!F<?7-"S1H*/O-)KP!:LK:;_8"K5:S4:LI
MBJ("J+5:8_\---^\0DOCQ(X`WD1AF'QOWOV$,?_-_[N6K.G?]V[8`W,JKC<:
M;0J'JBBM1N.;^E?5>BO3O]IJMO:QI]%J*&]`V>K_Q9L>N.SA$.+(R55?O;!O
MV<CSF73\YYMD=$P@8(=03>.HZMS%U>=PR7=2Q)+(8W=>,(8(?V(O#$"MU/<E
MVHI03J$<T2O,R2N7R_.7@OKNW4%55:NJ`DKKL*D<UIL%OGIO;V]EUKNJHE9K
M[T!1#IO[A\VZ]/X]E)OR/NS1G_?O)3"')UW=."[8290&<(/[8N:"$TYC.T%6
M\)1$+HRH;\R2?OM"H]_D$7Z3H#!%1+?L$::W`4L\%P)[RMSRPXA%$!$@EUC#
MH7$4IC-\1A&X?&'DAV,OP.&94XG^E8:)G3WC[DRRQS1F49P]W]N^3RO+!7J-
M9Y']B"/QQ(7$]F_Q+R<P31W\^Y`PA/PX>QA%TMYWYV?&X)EU($'%&\$/+LHQ
M8&ZQ/[@VM7[WHJWW2KG$]HZGMN=7_-"Q?8BG"%UZLVW_]^Q_FJ`67]'^H\E?
MLO_-!MG_?:6VM?^O;_]S]5=GR6.E_L(7P"JR;]X`K94+H`6"-#+^_(EL^GY5
MJ55K-5";A\K!85TMT"HR_/,9<ZM?.ZRU#A656_V6(K=@#__BI4&&/V*V2\AM
M-'OWD9?0\\TC)!,&X7W`(IF/C,)H?92;<S&:A!)XP9WM>ZZ=,.QZ!">-(A8D
M@/8;PA%?X*,1I<5H*?%QC,;U0T0\A[<,:E"1]G0Q+QN'610Z+([!#5D,09C`
MQ+XCX,!&(^8D'KX,]2Y!C],9B\IT5<C2'H&PTP?/]^SHD8",(WLJ[1&RW-0?
M2'M>3*01Z8!KD;TIQ^T%9/^QWT8$81!7D,K+F009:78T3J?(%O:>VORBXS)5
MZRJ)<T^M-W.Q$CI^O5W3-5D'670E+)IZ8;SH0&5!`U_*]")NR*8@-GO!L37:
MH6).X&1X9DIEZQEQ3?%P_Q%1(:\01BZ+I/*2$!#8\X(`Z(>D!6_D.39UP;V'
M<T,'-0W>2-K[_C`*#-'-6(`,2XA7="#*6^KXSH%T7O-`.M\\D`<K!_(`!&GY
M@70R5TRI*N_0M3^L-0YK2H%6Y0?267/#\-0V%;YY&G59Q1.)/RV5;YV_>8'C
MIZCJ?\2/<35YG+&X,OEIO=\+G<1_II]\)^K>6^V^MSW>#<OS610%X1J,D1,\
M@3N.9NL@O7%@/T&?N"C,)YT1BG*M,SL&:T`3;\K6)J:!AU#7.O/KFK.#ZT>X
M>T9P?=FVSJ\MZ^/%H*MAM_#:5KMAAZL_=\2S,[6SF$VN[6+RTC@>!MKD]!])
MV'/HA.`S2ZZS6454,UD$F?0]<DOH=J)_$<%NUG^$';A&C.++O_%]YKG7V..Y
M^2!N/AD(01I3%XJ98X`PIH$`_U(W31Y!$4?9%,%A;_$MC97@^!BM$7SY`CAF
MN^Y\1`93/^N<][K9%(1`7HB82)9C:L>W19QS?=(;='Z1(5OU-ER`)8X*2&`:
M!?C&R;OW$F=21/KAF)_E8JD$Q)=CH]DOJX>T8AV!J5D7;?.7#+;,V1!,[I;Z
MPUZO=/0$#P>G<&C$MYO.:D4N1AF49>(*U^S!2XJJ`$$J]HLK^I=7%,PU)516
M%*I:(F`9%&X.._433L#]!,T(%(M((#)-QPK9)Q$@0T)Q1-1"S%S.;]\"/VO4
MJ^E]RQ#D.F&`-VK*M\;_4$XD#T[*0@@KHN,3KO13[8-N:=VBH+"T,O&*QDRK
M;0W-?)S`*?`S_G^8PV%^S)Z"_RKM?>6G@A^'W,`7;>0BX;Y#[.--)(.0,AU[
M=!GNO6"&`13?\+OSJ;MB[A$WBOOOY'=XG]8:LMKD1A$1<U868NP/M+Y5$B,Y
M4464P5&AN@MAFM!M1X<#=JM\TE<@%G![EFD!.2.?FI]1A3\F/QZ)ON)=Z+DE
M<";H^!1I@DQ1;HKJ+<ET_XYQ='TJGOQLJGFM&T/3^(*_5_GOF7$IU"2(SZ%Q
M\8J3\@PMHO./$;,V=TY--D![[W?HFHME!=2R71/(A9KF*)^C^:M01@9">'9\
M-:Z:*[#(M8SK:*]DL`?71O?*$.?F![Z1D1ZAV'Q_X`+Q<"1M/OXSM';W0MML
MC/%[^;]:JS[/_[::E/^K\_SO-OY[^69-T/W'?S;>?M,9FG/^EQQ[X;JBY4#?
M^6D005%0;N+JI0KH"1V4>#E8$EX[!47<6R<;%+/4#27N\J#/A->#MXAS<&/C
ME`5,HHI"'1I?N.H524)4.$0P?7+*1W0DD'C/1SUFY,5X!:>(&/UZ,\1^G(_T
M=KVQE]@^#`/OH2+Q@`%O'9L26OG";WA%$$_"U'?AAJ(!W#`^88ZY#0+:.!4)
MHZ(XG+(0'2<,(WW_$>_#@.014NIPZB'->''ASP*28T=LE-)4<J[9/7.1N2LO
MF2#+@L%Y!!&O+9V%<>S=H+9(#7.>25I1&@044=X3G$7(0Z)#6K/P<RGR0?IB
MAH$)0S+"&Q(&;@6A)\CUA&21L"AHB&%G.4.TP]6[LUPTV,F%RC'-;/2*6"P1
MFM4@@Z]\+A6,V"0C1+0N_)*R20#_B&[?1[RC$D;CG[9)Q9?,_Y%&_KKZG]K:
MKS?)_BLM=5O_^ZOTGY_(OT;_O/[7V&]M]?]7ZS\;J[Z^_EMJJ[[5__\6_6>_
M%>>%ZC^U_4:N_T:#]%]35+6Q]?]?HU5WRQ+L0B></4;>>))`T2D!Y6?ANSX8
M+FG[/O`E,?JOZ$K>D?\*NS1D,->C9"<Y>AA#D*='Q0_T">,PC1S&>V[0M<2`
M@E+M,25"T%^ER@K^AFE"4)8=8!G06:;,/'K2B7#7[SS*R2<36X0(H]#WPWM*
M5:/_Z7K<:R8HM&[*DD-Z5BMKI,6\#B!H<BA(X16#B,W]5_LFO*.A3#H$!!LE
M]QU*XI"?[B,\`K-`*PI!*S0A4L>WO2D%,`BC]I001+@DD9P0Y---D;B7H04$
MEQDD-W321>"'ZZH4X^%X!%,;8P$/([:%X.]%H,)@F8U\`UCGN@GFX-2Z:AL:
MX/.E,?A5[VI=./F(@QJTA];YP(!VOPN=0=\R]).A-3!,^.<_VR;.__%'&N*[
MK/\1M`^7AF::@`OTB\N>CF`0KM'N6[IFRJ#W.[UA5^^?R8!0H#^PH*=?4(X/
MK(%,Z`C0TY4P.(4+S>B<XVO[1._IUD=.T*EN]0G=*1$(EVW#TCO#7MN`RZ%Q
M.3`Y-&*KJYN=7EN_T+H50"(0,6B_:GT+S/-VK[?,)OY;X?)$0PK;)ST.BJ-!
M+KNZH74L8F?QU$&9(7$]&<Q+K:/3@_9!0T[:QD<Y`VMJ_SG$23A(T+KMB_89
M\E;\':F@0CI#0[L@>E$.YO#$M'1K:&EP-AAT30*%X$W-^%7O:.81]`8F%]C0
MU&1$8K4Y>H2"TL)A?#X9FCJ7F]ZW-,,87EKZH%\B0.>#*Q0,$MO&U5TNXT&?
M\XPR&A@?"2[)@ZM`AJMS#?L-$BF76IMD8:+T.A9!6YJ)6%&>UA*ST-?.>OJ9
MUN]H-#H@0%>ZJ9508[I)$W2!^:K]D?,XY.R3KI`V\;BT=66N4=!/H=W]52?B
ML\FX#TP]VS.#4X)D#COGF?2S4U#XN^[^7:*<J_1\7>H;U2WI2;5II:[DA4^Z
MLE+3<Y6F%1R4QX]7>Q=5)<(KRD<^);"ST@Y:$C0IO"3@W,6>^^DS'$MD+7:(
MNYTC*2L'2=5=X">?S%">3,%']C!C3B*JRS=9HL>%411.EU,]_)TL"AHD@I+G
M&$#D>I[/N<`)NR?KGB4U;M)Q_`,<E?F6Z[+8B;Q9@A9,@2))+2@]0XX-O%(/
M[F)Z&-#ZG:K+[J@.^O//.Y"7LRC-->)E86?"G-L8XM1Q&'-ED<,*([P'9V1Y
MJ:*?PT@$#,0M\M<E@9Q64**(9V9R%M;JUQ4AT.S[`@*![--BJL;M+#)K2JNF
M9*,5OM](?U.\PHI45K"CL2,+#>[B\]VGSR7IWU)A3/6V@LB>'TF\/E?8%<6Y
M`FZ?U$D*`NTNS:&GQ0#M#1C%-U2&NSF2))[-)CR4LJY1QKI0$)J:Y_E+N+HP
MFN&V3$:D#Q9%,NRDL3UFA_."?B;GWX(=/CVK9&@?KH<F'BOL^BH5:`(<`^=$
M_7PD<"-=/@N*7$E$@ZKP>EX2!<YT5A05E[E*=V0XX+.4T@H2LFIHN#*0/C&9
M+7V+;"X5%$=\2,'^T;S_>Z!P=25.KA$]81TMWA!6-N8%X=(8O7WY(O&:138A
M6ET=9<M_,*_Q%CHWBED_B;'T/5J*N391AF/Z$!$Y+/+])`IUO)R&Z\7&@&->
MW!(5KZ7.'$CYIW%T+38026JI"I*5/L2>%U)\IF8SGT75&C'KVS6:)9X&OQQ)
M7[>)P%>._PY>)OZK[ZOJ//Y3Z?O_FJ*HV_K/J[3*;SL@T9__;@1(:YX-`7&`
M#VX@""0P&X@""<P\#*27/Q\'$I0_'0@2D(U$@AN@)@\%,U`;B07SG;"A:)#O
MN(V$@P1I@_$@)VQ#`2'!VF!$2.`V%1(2K,W$A`1I@T$A@=M<5,C9W$Q82*!6
MXL+L1(C(4)C>K@O_80<I'??:@<P-+W8FD']Y=R!5!C'LG$:,G9A=J%<4!&%.
M^-=;4J4_S9UG?.;AT;>J[\%Z53?F8,R/_<&EJ9NKH-I1[HOS25W-[!@Z5QZ?
M9V5CO.+_A_'ET5P:I[Q`GL6"-X\2?=2;18-0EPA&5ON??WHKPC7^F;+K11C"
M^8\HS<L9)^]4[VG(P(D/Y<0>0_G><]$>Y>[^IUDYOBR;GS\IY7=V^>XSE)UP
M.K,=-)M(SZ7]S8E2]KG-4[DMK4N>62<^ZWFZ3/.%R#6T`SUSL,HVR/P]^PP8
MQ4!3A;E`?02KEW'[7[!R'4-%>D'_+Z_,O]#W/Z#N[Z_Z?^I^J[7-_[]*^QL`
M-T82FNVSXT)N`4RC8\[?*HYTT>X?+-X/I,[@TC+WC@OE*SS$DG2B]\E8'3>:
MS::D]TV\H'JGO?:9>5P>Q<YD+$F5><;I)G8KE""J3&^WWW)LV[9MV[9MV[9M
=V[9MV[9MV[9MV[9MV[9MV[:]:/LO#?,X+@!0``"J
`
end

>Release-Note:
>Audit-Trail:
Responsible-Changed-From-To: freebsd-bugs->kris 
Responsible-Changed-By: kris 
Responsible-Changed-When: Mon Sep 4 15:26:06 PDT 2000 
Responsible-Changed-Why:  
This looks interesting, I'll take it. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=9770 
State-Changed-From-To: open->analyzed 
State-Changed-By: kris 
State-Changed-When: Sat Jan 20 01:28:26 PST 2001 
State-Changed-Why:  
Currently being reviewed and evaluated for committing. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=9770 

From: Ronald Kuehn <rk@ronald.org>
To: freebsd-gnats-submit@freebsd.org
Cc:  
Subject: Re: bin/9770: An openpty(3) auxiliary program
Date: Wed, 7 Nov 2001 22:32:50 +0100

 Just a note that my address changed from kuehn@rz.tu-clausthal.de
 to rk@ronald.org.
 
 -- 
 * The whole problem with the world is that fools and fanatics are always
 * so certain of themselves, but wiser people so full of doubts.
 *                                                     --Bertrand Russell
Responsible-Changed-From-To: kris->freebsd-audit 
Responsible-Changed-By: kris 
Responsible-Changed-When: Fri Aug 23 21:15:02 PDT 2002 
Responsible-Changed-Why:  
I won't have time to look at this any time soon, but it's 
somewhat necessary. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=9770 
Responsible-Changed-From-To: freebsd-audit->audit 
Responsible-Changed-By: johan 
Responsible-Changed-When: Sat Aug 24 19:12:07 PDT 2002 
Responsible-Changed-Why:  
Use short names for mailing list to make searches    
using the web query form work with the shown responsible. 

This also makes open PRs show up in the summery mail. 


http://www.freebsd.org/cgi/query-pr.cgi?pr=9770 
Responsible-Changed-From-To: audit->jmallett 
Responsible-Changed-By: jmallett 
Responsible-Changed-When: Thu Jan 2 23:32:30 PST 2003 
Responsible-Changed-Why:  
I'll take this, wrt grantpt commit, pt_chown, etc. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=9770 
State-Changed-From-To: analyzed->feedback 
State-Changed-By: jmallett 
State-Changed-When: Mon Jun 28 02:22:14 HST 2004 
State-Changed-Why:  
Unless I hear that this is still meaningful and there should be 
action taken with regard in modern CURRENT, I'd like to close this. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=9770 

From: Nicolas Rachinsky <list@rachinsky.de>
To: freebsd-gnats-submit@FreeBSD.org
Cc:  
Subject: Re: bin/9770: An openpty(3) auxiliary program
Date: Wed, 7 Jul 2004 17:42:45 +0200

 I'm not using -current, but I think the problem is still there. I
 think, instead of the above solution, grantpt() should be used.
 
 I think the following change should do it, but I can't test it, since
 I have no system running -current. Sorry.
 
 Index: pty.c
 ===================================================================
 RCS file: /usr/cvs-freebsd/src/lib/libutil/pty.c,v
 retrieving revision 1.15
 diff -u -r1.15 pty.c
 --- pty.c	18 Oct 2003 10:04:16 -0000	1.15
 +++ pty.c	7 Jul 2004 15:39:46 -0000
 @@ -76,8 +76,7 @@
  					break; /* try the next pty group */
  			} else {
  				line[5] = 't';
 -				(void) chown(line, getuid(), ttygid);
 -				(void) chmod(line, S_IRUSR|S_IWUSR|S_IWGRP);
 +				(void) grantpt(master);
  				(void) revoke(line);
  				if ((slave = open(line, O_RDWR, 0)) != -1) {
  					*amaster = master;
 
 Nicolas
State-Changed-From-To: feedback->suspended 
State-Changed-By: linimon 
State-Changed-When: Sun Oct 23 19:20:44 GMT 2005 
State-Changed-Why:  
Feedback was received quite some time ago.  Mark as 'suspended' since 
nothing seems to have been done on this for a while. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=9770 

From: Nicolas Rachinsky <nicolas@rachinsky.de>
To: bug-followup@FreeBSD.org
Cc: rk@ronald.org, jmallett@FreeBSD.org
Subject: Re: bin/9770: [patch] An openpty(3) auxiliary program
Date: Sun, 15 Oct 2006 10:02:17 +0200

 Is there any reason not to apply my above patch? It works fine with
 6.2-PRERELEASE and without a unprivileged user using e.g. script(1)
 gets a tty which is world readable and world writable. 
 
 The man page should be updated to, here is a patch, but I'm neither a
 good english speaker nor have any experience writing man pages.
 
 --- /usr/src/lib/libutil/pty.3	Sat Jul  3 01:52:19 2004
 +++ pty.3	Sun Oct 15 09:51:56 2006
 @@ -48,14 +48,16 @@
  .Fn openpty
  attempts to obtain the next available pseudo-terminal from the system (see
  .Xr pty 4 ) .
 -If it successfully finds one, it subsequently tries to change the
 +If it successfully finds one, it subsequently changes the
  ownership of the slave device to the real UID of the current process,
  the group membership to the group
  .Dq tty
  (if such a group exists in the system), the access permissions for
  reading and writing by the owner, and for writing by the group, and to
  invalidate any current use of the line by calling
 -.Xr revoke 2 .
 +.Xr revoke 2
 +using
 +.Xr granpt 3 .
  .Pp
  If the argument
  .Fa name
 @@ -132,6 +134,7 @@
  .Xr getuid 2 ,
  .Xr open 2 ,
  .Xr revoke 2 ,
 +.Xr grantpt 3 ,
  .Xr login_tty 3 ,
  .Xr pty 4 ,
  .Xr termios 4 ,
 
 Nicolas
Responsible-Changed-From-To: jmallett->jhb 
Responsible-Changed-By: jmallett 
Responsible-Changed-When: Mon Dec 17 16:44:57 PST 2007 
Responsible-Changed-Why:  
Over to John, who's been putting a lot more effort into PTYs these days than I. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=9770 
State-Changed-From-To: suspended->closed 
State-Changed-By: jhb 
State-Changed-When: Mon Jan 14 23:50:08 UTC 2008 
State-Changed-Why:  
This is now fixed in RELENG_5 and 5.5 and later. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=9770 

From: dfilter@FreeBSD.ORG (dfilter service)
To: bug-followup@FreeBSD.org
Cc:  
Subject: Re: bin/9770: commit references a PR
Date: Mon, 14 Jan 2008 23:50:02 +0000 (UTC)

 jhb         2008-01-14 23:49:56 UTC
 
   FreeBSD src repository
 
   Modified files:
     lib/libutil          pty.3 
   Log:
   Update the manpage for openpty(3) to account for the recent fixes.
   Specifically, remove the BUGS section and note that openpty(3) now always
   does the various security-related steps.  Also, update the error return
   value section.  The PR below is for the original bug rather than the doc
   updates.
   
   MFC after:      1 week
   PR:             bin/9770
   
   Revision  Changes    Path
   1.14      +14 -18    src/lib/libutil/pty.3
 _______________________________________________
 cvs-all@freebsd.org mailing list
 http://lists.freebsd.org/mailman/listinfo/cvs-all
 To unsubscribe, send any mail to "cvs-all-unsubscribe@freebsd.org"
 
>Unformatted:
