BSD tty security - an example
Rob J. Nauta
fidelio at geech.gnu.ai.mit.edu
Sat May 11 00:37:28 AEST 1991
In article <1991May9.182941.16988 at cbnewsl.att.com> urban at cbnewsl.att.com (john.urban) writes:
->In article <15678 at life.ai.mit.edu> fidelio at geech.gnu.ai.mit.edu (Rob J. Nauta) writes:
->>Here's a small program I wrote a while back. It speaks for itself,
->>compile it, run it in the background (with &) and sit back.
->>This program is an official release of the TimeWasters from HOLLAND !
->>
->This program does not exhibit the problem on AT&T UNIX System V/386 Release 4.0
->Version 2.[01]. The fopen of "/dev/tty" fails because the setsid() passed
->successfully.
->
->In this small program:
-> # cat T.c
-> main()
-> {
-> setsid();
-> fopen("/dev/tty", "r");
-> }
-> # make T
-> cc -O T.c -o T
-> # truss ./T
->
-> You'll see the fopen fails w/ ENXIO. If the setsid() is removed, then the
->fopen passes fine.
->
->
->Sincerely,
->
->John Ben Urban
The trick is that you do a setsid() to abandon your tty, then open
another to claim that as your controlling tty. If you are on
ttyp0, you run cover /dev/ttyp1 &, the open of /dev/tty really opens
/dev/ttyp1. Naturally, if you remove the setsid, the open of
/dev/tty succeeds, but it will be an open on /dev/ttyp0, and
that isn't very useful here.
Rob
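
The behaviour discussed in this thread, as an added example that is not part of either post: after setsid() the process has no controlling terminal, so /dev/tty cannot be opened, and a later terminal open made with O_NOCTTY does not acquire one. probe_ctty() and its flag names are hypothetical, the pty is one the program allocates for itself through /dev/ptmx, and whether the final plain open adopts the terminal depends on the kernel (Linux does; 4.4BSD-derived systems require an explicit TIOCSCTTY ioctl).

```c
#ifndef _XOPEN_SOURCE
#define _XOPEN_SOURCE 600   /* grantpt(), unlockpt(), ptsname() */
#endif
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/wait.h>
#include <unistd.h>

/* Result bits (hypothetical names, not from the original posts). */
enum { CTTY_AFTER_SETSID = 1, CTTY_AFTER_NOCTTY = 2, CTTY_AFTER_PLAIN = 4, NO_PTY = 8 };

/* /dev/tty opens only for a process that has a controlling terminal. */
static int has_ctty(void)
{
    int fd = open("/dev/tty", O_RDWR);
    if (fd < 0) return 0;
    close(fd);
    return 1;
}

/* Returns a mask of the bits above, or -1 if fork/wait fails. */
int probe_ctty(void)
{
    int status, r = 0;
    pid_t pid = fork();   /* the child is not a group leader, so setsid() works */
    if (pid < 0) return -1;
    if (pid == 0) {
        if (setsid() < 0) _exit(NO_PTY);
        if (has_ctty()) r |= CTTY_AFTER_SETSID;        /* expected: not set */
        /* A pty of our own, constructed for this demonstration. */
        int m = open("/dev/ptmx", O_RDWR | O_NOCTTY);
        if (m < 0 || grantpt(m) < 0 || unlockpt(m) < 0) _exit(r | NO_PTY);
        const char *slave = ptsname(m);
        /* Hardened open: O_NOCTTY keeps the session without a controlling tty. */
        int s = slave ? open(slave, O_RDWR | O_NOCTTY) : -1;
        if (s < 0) _exit(r | NO_PTY);
        if (has_ctty()) r |= CTTY_AFTER_NOCTTY;        /* expected: not set */
        close(s);
        s = open(slave, O_RDWR);   /* plain open: the kernel may adopt the tty */
        if (s >= 0 && has_ctty()) r |= CTTY_AFTER_PLAIN;
        _exit(r);
    }
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status)) return -1;
    return WEXITSTATUS(status);
}

int main(void) { printf("ctty result mask: %d\n", probe_ctty()); return 0; }
```

A daemon that calls setsid() and later opens terminal devices should pass O_NOCTTY on every such open, so that only the CTTY_AFTER_PLAIN case can ever attach a terminal to the session.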