BSD tty security - an example
john.urban
urban at cbnewsl.att.com
Fri May 10 04:29:41 AEST 1991
In article <15678 at life.ai.mit.edu> fidelio at geech.gnu.ai.mit.edu (Rob J. Nauta) writes:
>Here's a small program I wrote a while back. It speaks for itself,
>compile it, run it in the background (with &) and sit back.
>This program is an official release of the TimeWasters from HOLLAND !
>
>---
> close(0); /* close stdin */
>#ifdef ULTRIX
> if(setpgrp(0,100)==-1)
> perror("setpgrp:"); /* Hopefully this works */
>#else
> if(setsid()==-1)
> perror("setsid:"); /* Disconnect from our controlling TTY and
> start a new session as sessionleader */
>#endif
> f=fopen(term,"r"); /* Open tty as a stream, this guarantees
> getting file descriptor 0 */
> if (f==NULL)
> { printf("Error opening %s with fopen()\n",term);
> exit(2);
> }
> if (DEBUG) system("ps -xu>>/dev/null &");
> fclose(f); /* Close the TTY again */
> f=fopen("/dev/tty","r"); /* We can now use /dev/tty instead */
> if (f==NULL)
> { printf("Error opening /dev/tty with fopen()\n",term);
> exit(2);
> }
This program does not exhibit the problem on AT&T UNIX System V/386 Release 4.0
Version 2.[01]. The fopen of "/dev/tty" fails because the setsid() passed
successfully.
In this small program:
# cat T.c
main()
{
setsid();
fopen("/dev/tty", "r");
}
# make T
cc -O T.c -o T
# truss ./T
You'll see the fopen fails w/ ENXIO. If the setsid() is removed, then the
fopen passes fine.
Sincerely,
John Ben Urban
More information about the Comp.unix.internals
mailing list