* [PATCH 0/3] Linux: Rework Linux PTY support
@ 2020-05-27 10:14 Florian Weimer
2020-05-27 10:14 ` [PATCH 1/3] login/tst-grantpt: Convert to support framework, more error checking Florian Weimer
` (2 more replies)
0 siblings, 3 replies; 14+ messages in thread
From: Florian Weimer @ 2020-05-27 10:14 UTC (permalink / raw)
To: libc-alpha
BSD terminal support is pretty much always compiled out in the kernel,
and /dev does not contain the matching device nodes. Therefore, the
fallback code is unused.
Tested on x86_64-linux-gnu.
Florian Weimer (3):
login/tst-grantpt: Convert to support framework, more error checking
Linux: unlockpt needs to fail with EINVAL, not ENOTTY (bug 26053)
Linux: Require properly configured /dev/pts for PTYs
NEWS | 12 ++++
login/tst-grantpt.c | 105 +++++++++++++++++++----------
sysdeps/unix/sysv/linux/getpt.c | 67 +-----------------
sysdeps/unix/sysv/linux/grantpt.c | 73 ++++++++++----------
sysdeps/unix/sysv/linux/ptsname.c | 95 ++------------------------
sysdeps/unix/sysv/linux/unlockpt.c | 21 ++----
6 files changed, 130 insertions(+), 243 deletions(-)
--
2.25.4
^ permalink raw reply [flat|nested] 14+ messages in thread
* [PATCH 1/3] login/tst-grantpt: Convert to support framework, more error checking
2020-05-27 10:14 [PATCH 0/3] Linux: Rework Linux PTY support Florian Weimer
@ 2020-05-27 10:14 ` Florian Weimer
2020-10-02 17:08 ` Adhemerval Zanella
2020-05-27 10:14 ` [PATCH 2/3] Linux: unlockpt needs to fail with EINVAL, not ENOTTY (bug 26053) Florian Weimer
2020-05-27 10:14 ` [PATCH 3/3] Linux: Require properly configured /dev/pts for PTYs Florian Weimer
2 siblings, 1 reply; 14+ messages in thread
From: Florian Weimer @ 2020-05-27 10:14 UTC (permalink / raw)
To: libc-alpha
The test now requires working /dev/pts pseudo-terminals.
A new subtest (test_not_ptmx) attempts to call grantpt on a
pseudo-terminal that is not a ptmx device. POSIX requires an EINVAL
error in this case.
---
login/tst-grantpt.c | 93 ++++++++++++++++++++++++++++-----------------
1 file changed, 58 insertions(+), 35 deletions(-)
diff --git a/login/tst-grantpt.c b/login/tst-grantpt.c
index 65bb344909..1d7a220fcf 100644
--- a/login/tst-grantpt.c
+++ b/login/tst-grantpt.c
@@ -1,3 +1,21 @@
+/* Test for grantpt error corner cases.
+ Copyright (C) 2001-2020 Free Software Foundation, Inc.
+ This file is part of the GNU C Library.
+
+ The GNU C Library is free software; you can redistribute it and/or
+ modify it under the terms of the GNU Lesser General Public
+ License as published by the Free Software Foundation; either
+ version 2.1 of the License, or (at your option) any later version.
+
+ The GNU C Library is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ Lesser General Public License for more details.
+
+ You should have received a copy of the GNU Lesser General Public
+ License along with the GNU C Library; if not, see
+ <https://www.gnu.org/licenses/>. */
+
#include <sys/types.h>
#include <sys/stat.h>
#include <fcntl.h>
@@ -6,76 +24,81 @@
#include <errno.h>
#include <string.h>
#include <unistd.h>
+#include <support/check.h>
+#include <support/temp_file.h>
+#include <support/xunistd.h>
-static int
+/* Test grantpt with a closed descriptor. */
+static void
test_ebadf (void)
{
int fd, ret, err;
fd = posix_openpt (O_RDWR);
if (fd == -1)
- {
- printf ("posix_openpt(O_RDWR) failed\nerrno %d (%s)\n",
- errno, strerror (errno));
- /* We don't fail because of this; maybe the system does not have
- SUS pseudo terminals. */
- return 0;
- }
- unlockpt (fd);
- close (fd);
+ FAIL_EXIT1 ("posix_openpt(O_RDWR) failed\nerrno %d (%m)\n", errno);
+ TEST_COMPARE (unlockpt (fd), 0);
+ xclose (fd);
ret = grantpt (fd);
err = errno;
if (ret != -1 || err != EBADF)
{
+ support_record_failure ();
printf ("grantpt(): expected: return = %d, errno = %d\n", -1, EBADF);
printf (" got: return = %d, errno = %d\n", ret, err);
- return 1;
}
- return 0;
}
-static int
+/* Test grantpt on a regular file. */
+static void
test_einval (void)
{
int fd, ret, err;
- const char file[] = "./grantpt-einval";
- fd = open (file, O_RDWR | O_CREAT, 0600);
- if (fd == -1)
- {
- printf ("open(\"%s\", O_RDWR) failed\nerrno %d (%s)\n",
- file, errno, strerror (errno));
- return 0;
- }
- unlink (file);
+ fd = create_temp_file ("tst-grantpt-", NULL);
+ TEST_VERIFY_EXIT (fd >= 0);
ret = grantpt (fd);
err = errno;
if (ret != -1 || err != EINVAL)
{
+ support_record_failure ();
printf ("grantpt(): expected: return = %d, errno = %d\n", -1, EINVAL);
printf (" got: return = %d, errno = %d\n", ret, err);
- ret = 1;
}
- else
- ret = 0;
- close (fd);
+ xclose (fd);
+}
+
+/* Test grantpt on a non-ptmx pseudo-terminal. */
+static void
+test_not_ptmx (void)
+{
+ int ptmx = posix_openpt (O_RDWR);
+ TEST_VERIFY_EXIT (ptmx >= 0);
+ TEST_COMPARE (grantpt (ptmx), 0);
+ TEST_COMPARE (unlockpt (ptmx), 0);
+
+ const char *name = ptsname (ptmx);
+ TEST_VERIFY_EXIT (name != NULL);
+ int pts = open (name, O_RDWR | O_NOCTTY);
+ TEST_VERIFY_EXIT (pts >= 0);
+
+ TEST_COMPARE (grantpt (pts), -1);
+ TEST_COMPARE (errno, EINVAL);
- return ret;
+ xclose (pts);
+ xclose (ptmx);
}
static int
do_test (void)
{
- int result = 0;
-
- result += test_ebadf ();
- result += test_einval ();
-
- return result;
+ test_ebadf ();
+ test_einval ();
+ test_not_ptmx ();
+ return 0;
}
-#define TEST_FUNCTION do_test ()
-#include "../test-skeleton.c"
+#include <support/test-driver.c>
--
2.25.4
^ permalink raw reply [flat|nested] 14+ messages in thread
* [PATCH 2/3] Linux: unlockpt needs to fail with EINVAL, not ENOTTY (bug 26053)
2020-05-27 10:14 [PATCH 0/3] Linux: Rework Linux PTY support Florian Weimer
2020-05-27 10:14 ` [PATCH 1/3] login/tst-grantpt: Convert to support framework, more error checking Florian Weimer
@ 2020-05-27 10:14 ` Florian Weimer
2020-10-02 17:10 ` Adhemerval Zanella
2020-05-27 10:14 ` [PATCH 3/3] Linux: Require properly configured /dev/pts for PTYs Florian Weimer
2 siblings, 1 reply; 14+ messages in thread
From: Florian Weimer @ 2020-05-27 10:14 UTC (permalink / raw)
To: libc-alpha
The EINVAL error code is mandated by POSIX and documented in the
manual. Also clean up the unlockpt implementation a bit, assuming
that TIOCSPTLCK is always defined.
Enhance login/tst-grantpt to cover unlockpt corner cases.
---
login/tst-grantpt.c | 20 ++++++++++++++++----
sysdeps/unix/sysv/linux/unlockpt.c | 21 +++++----------------
2 files changed, 21 insertions(+), 20 deletions(-)
diff --git a/login/tst-grantpt.c b/login/tst-grantpt.c
index 1d7a220fcf..8ca901ef94 100644
--- a/login/tst-grantpt.c
+++ b/login/tst-grantpt.c
@@ -1,4 +1,4 @@
-/* Test for grantpt error corner cases.
+/* Test for grantpt, unlockpt error corner cases.
Copyright (C) 2001-2020 Free Software Foundation, Inc.
This file is part of the GNU C Library.
@@ -28,7 +28,7 @@
#include <support/temp_file.h>
#include <support/xunistd.h>
-/* Test grantpt with a closed descriptor. */
+/* Test grantpt, unlockpt with a closed descriptor. */
static void
test_ebadf (void)
{
@@ -48,9 +48,12 @@ test_ebadf (void)
printf ("grantpt(): expected: return = %d, errno = %d\n", -1, EBADF);
printf (" got: return = %d, errno = %d\n", ret, err);
}
+
+ TEST_COMPARE (unlockpt (fd), -1);
+ TEST_COMPARE (errno, EBADF);
}
-/* Test grantpt on a regular file. */
+/* Test grantpt, unlockpt on a regular file. */
static void
test_einval (void)
{
@@ -68,10 +71,13 @@ test_einval (void)
printf (" got: return = %d, errno = %d\n", ret, err);
}
+ TEST_COMPARE (unlockpt (fd), -1);
+ TEST_COMPARE (errno, EINVAL);
+
xclose (fd);
}
-/* Test grantpt on a non-ptmx pseudo-terminal. */
+/* Test grantpt, unlockpt on a non-ptmx pseudo-terminal. */
static void
test_not_ptmx (void)
{
@@ -80,6 +86,9 @@ test_not_ptmx (void)
TEST_COMPARE (grantpt (ptmx), 0);
TEST_COMPARE (unlockpt (ptmx), 0);
+ /* A second unlock succeeds as well. */
+ TEST_COMPARE (unlockpt (ptmx), 0);
+
const char *name = ptsname (ptmx);
TEST_VERIFY_EXIT (name != NULL);
int pts = open (name, O_RDWR | O_NOCTTY);
@@ -88,6 +97,9 @@ test_not_ptmx (void)
TEST_COMPARE (grantpt (pts), -1);
TEST_COMPARE (errno, EINVAL);
+ TEST_COMPARE (unlockpt (pts), -1);
+ TEST_COMPARE (errno, EINVAL);
+
xclose (pts);
xclose (ptmx);
}
diff --git a/sysdeps/unix/sysv/linux/unlockpt.c b/sysdeps/unix/sysv/linux/unlockpt.c
index 3a0ac7a96c..4d98abece0 100644
--- a/sysdeps/unix/sysv/linux/unlockpt.c
+++ b/sysdeps/unix/sysv/linux/unlockpt.c
@@ -27,22 +27,11 @@
int
unlockpt (int fd)
{
-#ifdef TIOCSPTLCK
- int save_errno = errno;
int unlock = 0;
- if (__ioctl (fd, TIOCSPTLCK, &unlock))
- {
- if (errno == EINVAL)
- {
- __set_errno (save_errno);
- return 0;
- }
- else
- return -1;
- }
-#endif
- /* If we have no TIOCSPTLCK ioctl, all slave pseudo terminals are
- unlocked by default. */
- return 0;
+ int ret = __ioctl (fd, TIOCSPTLCK, &unlock);
+ if (ret != 0 && errno == ENOTTY)
+ /* POSIX mandates EINVAL for non-ptmx descriptors. */
+ __set_errno (EINVAL);
+ return ret;
}
--
2.25.4
^ permalink raw reply [flat|nested] 14+ messages in thread
* [PATCH 3/3] Linux: Require properly configured /dev/pts for PTYs
2020-05-27 10:14 [PATCH 0/3] Linux: Rework Linux PTY support Florian Weimer
2020-05-27 10:14 ` [PATCH 1/3] login/tst-grantpt: Convert to support framework, more error checking Florian Weimer
2020-05-27 10:14 ` [PATCH 2/3] Linux: unlockpt needs to fail with EINVAL, not ENOTTY (bug 26053) Florian Weimer
@ 2020-05-27 10:14 ` Florian Weimer
2020-05-27 10:31 ` Christian Brauner
2020-10-02 17:20 ` Adhemerval Zanella
2 siblings, 2 replies; 14+ messages in thread
From: Florian Weimer @ 2020-05-27 10:14 UTC (permalink / raw)
To: libc-alpha
Current systems do not have BSD terminals, so the fallback code in
posix_openpt/getpt does not do anything. Also remove the file system
check for /dev/pts. Current systems always have a devpts file system
mounted there if /dev/ptmx exists.
grantpt is now essentially a no-op. It only verifies that the
argument is a ptmx-descriptor. Therefore, this change indirectly
addresses bug 24941.
---
NEWS | 12 ++++
sysdeps/unix/sysv/linux/getpt.c | 67 +---------------------
sysdeps/unix/sysv/linux/grantpt.c | 73 ++++++++++++------------
sysdeps/unix/sysv/linux/ptsname.c | 95 ++-----------------------------
4 files changed, 55 insertions(+), 192 deletions(-)
diff --git a/NEWS b/NEWS
index 55389b8466..b8e0408a56 100644
--- a/NEWS
+++ b/NEWS
@@ -52,6 +52,18 @@ Changes to build and runtime requirements:
* powerpc64le requires GCC 7.4 or newer. This is required for supporting
long double redirects.
+* On Linux, the system administrator needs to configure /dev/pts with
+ the intended access modes for pseudo-terminals. glibc no longer
+ attemps to adjust permissions of terminal devices. The previous glibc
+ defaults ("tty" group, user read/write and group write) already
+ corresponded to what most systems used, so that grantpt did not
+ perform any adjustments.
+
+* On Linux, the posix_openpt and getpt functions no longer attempt to
+ use legacy (BSD) pseudo-terminals and assume that if /dev/ptmx exists
+ (and pseudo-terminals are supported), a devpts file system is mounted
+ on /dev/pts. Current systems already meet these requirements.
+
Security related changes:
CVE-2020-10029: Trigonometric functions on x86 targets suffered from stack
diff --git a/sysdeps/unix/sysv/linux/getpt.c b/sysdeps/unix/sysv/linux/getpt.c
index 1803b232c9..3cc745e11a 100644
--- a/sysdeps/unix/sysv/linux/getpt.c
+++ b/sysdeps/unix/sysv/linux/getpt.c
@@ -16,69 +16,18 @@
License along with the GNU C Library; if not, see
<https://www.gnu.org/licenses/>. */
-#include <errno.h>
#include <fcntl.h>
-#include <stdlib.h>
#include <unistd.h>
#include <paths.h>
-#include <sys/statfs.h>
-
-#include "linux_fsinfo.h"
/* Path to the master pseudo terminal cloning device. */
#define _PATH_DEVPTMX _PATH_DEV "ptmx"
-/* Directory containing the UNIX98 pseudo terminals. */
-#define _PATH_DEVPTS _PATH_DEV "pts"
-
-/* Prototype for function that opens BSD-style master pseudo-terminals. */
-extern int __bsd_getpt (void) attribute_hidden;
/* Open a master pseudo terminal and return its file descriptor. */
int
__posix_openpt (int oflag)
{
- static int have_no_dev_ptmx;
- int fd;
-
- if (!have_no_dev_ptmx)
- {
- fd = __open (_PATH_DEVPTMX, oflag);
- if (fd != -1)
- {
- struct statfs fsbuf;
- static int devpts_mounted;
-
- /* Check that the /dev/pts filesystem is mounted
- or if /dev is a devfs filesystem (this implies /dev/pts). */
- if (devpts_mounted
- || (__statfs (_PATH_DEVPTS, &fsbuf) == 0
- && fsbuf.f_type == DEVPTS_SUPER_MAGIC)
- || (__statfs (_PATH_DEV, &fsbuf) == 0
- && fsbuf.f_type == DEVFS_SUPER_MAGIC))
- {
- /* Everything is ok. */
- devpts_mounted = 1;
- return fd;
- }
-
- /* If /dev/pts is not mounted then the UNIX98 pseudo terminals
- are not usable. */
- __close (fd);
- have_no_dev_ptmx = 1;
- __set_errno (ENOENT);
- }
- else
- {
- if (errno == ENOENT || errno == ENODEV)
- have_no_dev_ptmx = 1;
- else
- return -1;
- }
- }
- else
- __set_errno (ENOENT);
-
- return -1;
+ return __open (_PATH_DEVPTMX, oflag);
}
weak_alias (__posix_openpt, posix_openpt)
@@ -86,16 +35,6 @@ weak_alias (__posix_openpt, posix_openpt)
int
__getpt (void)
{
- int fd = __posix_openpt (O_RDWR);
- if (fd == -1)
- fd = __bsd_getpt ();
- return fd;
+ return __posix_openpt (O_RDWR);
}
-
-
-#define PTYNAME1 "pqrstuvwxyzabcde";
-#define PTYNAME2 "0123456789abcdef";
-
-#define __getpt __bsd_getpt
-#define HAVE_POSIX_OPENPT
-#include <sysdeps/unix/bsd/getpt.c>
+weak_alias (__getpt, getpt)
diff --git a/sysdeps/unix/sysv/linux/grantpt.c b/sysdeps/unix/sysv/linux/grantpt.c
index 2030e07fa6..43122f9a76 100644
--- a/sysdeps/unix/sysv/linux/grantpt.c
+++ b/sysdeps/unix/sysv/linux/grantpt.c
@@ -1,44 +1,41 @@
-#include <assert.h>
-#include <ctype.h>
-#include <dirent.h>
-#include <errno.h>
-#include <fcntl.h>
-#include <paths.h>
-#include <stdlib.h>
-#include <unistd.h>
+/* grantpt implementation for Linux.
+ Copyright (C) 1998-2020 Free Software Foundation, Inc.
+ This file is part of the GNU C Library.
+ Contributed by Zack Weinberg <zack@rabi.phys.columbia.edu>, 1998.
-#include <not-cancel.h>
+ The GNU C Library is free software; you can redistribute it and/or
+ modify it under the terms of the GNU Lesser General Public
+ License as published by the Free Software Foundation; either
+ version 2.1 of the License, or (at your option) any later version.
-#include "pty-private.h"
+ The GNU C Library is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ Lesser General Public License for more details.
-#if HAVE_PT_CHOWN
-/* Close all file descriptors except the one specified. */
-static void
-close_all_fds (void)
-{
- DIR *dir = __opendir ("/proc/self/fd");
- if (dir != NULL)
- {
- struct dirent64 *d;
- while ((d = __readdir64 (dir)) != NULL)
- if (isdigit (d->d_name[0]))
- {
- char *endp;
- long int fd = strtol (d->d_name, &endp, 10);
- if (*endp == '\0' && fd != PTY_FILENO && fd != dirfd (dir))
- __close_nocancel_nostatus (fd);
- }
+ You should have received a copy of the GNU Lesser General Public
+ License along with the GNU C Library; if not, see
+ <https://www.gnu.org/licenses/>. */
+
+#include <errno.h>
+#include <stdlib.h>
+#include <sys/ioctl.h>
+#include <termios.h>
- __closedir (dir);
+int
+grantpt (int fd)
+{
+ /* Without pt_chown on Linux, we have delegated the creation of the
+ pty node with the right group and permission mode to the kernel, and
+ non-root users are unlikely to be able to change it. Therefore let's
+ consider that POSIX enforcement is the responsibility of the whole
+ system and not only the GNU libc. */
- int nullfd = __open_nocancel (_PATH_DEVNULL, O_RDONLY);
- assert (nullfd == STDIN_FILENO);
- nullfd = __open_nocancel (_PATH_DEVNULL, O_WRONLY);
- assert (nullfd == STDOUT_FILENO);
- __dup2 (STDOUT_FILENO, STDERR_FILENO);
- }
+ /* Verify that fd refers to a ptmx descriptor. */
+ unsigned int ptyno;
+ int ret = __ioctl (fd, TIOCGPTN, &ptyno);
+ if (ret != 0 && errno == ENOTTY)
+ /* POSIX requires EINVAL instead of ENOTTY provided by the kernel. */
+ __set_errno (EINVAL);
+ return ret;
}
-# define CLOSE_ALL_FDS() close_all_fds()
-#endif
-
-#include <sysdeps/unix/grantpt.c>
diff --git a/sysdeps/unix/sysv/linux/ptsname.c b/sysdeps/unix/sysv/linux/ptsname.c
index 81d9d26f1e..3e9be3f0d4 100644
--- a/sysdeps/unix/sysv/linux/ptsname.c
+++ b/sysdeps/unix/sysv/linux/ptsname.c
@@ -21,39 +21,14 @@
#include <stdlib.h>
#include <string.h>
#include <sys/ioctl.h>
-#include <sys/stat.h>
-#include <sys/sysmacros.h>
#include <termios.h>
#include <unistd.h>
#include <_itoa.h>
-/* Check if DEV corresponds to a master pseudo terminal device. */
-#define MASTER_P(Dev) \
- (__gnu_dev_major ((Dev)) == 2 \
- || (__gnu_dev_major ((Dev)) == 4 \
- && __gnu_dev_minor ((Dev)) >= 128 && __gnu_dev_minor ((Dev)) < 192) \
- || (__gnu_dev_major ((Dev)) >= 128 && __gnu_dev_major ((Dev)) < 136))
-
-/* Check if DEV corresponds to a slave pseudo terminal device. */
-#define SLAVE_P(Dev) \
- (__gnu_dev_major ((Dev)) == 3 \
- || (__gnu_dev_major ((Dev)) == 4 \
- && __gnu_dev_minor ((Dev)) >= 192 && __gnu_dev_minor ((Dev)) < 256) \
- || (__gnu_dev_major ((Dev)) >= 136 && __gnu_dev_major ((Dev)) < 144))
-
-/* Note that major number 4 corresponds to the old BSD style pseudo
- terminal devices. As of Linux 2.1.115 these are no longer
- supported. They have been replaced by major numbers 2 (masters)
- and 3 (slaves). */
-
/* Directory where we can find the slave pty nodes. */
#define _PATH_DEVPTS "/dev/pts/"
-/* The are declared in getpt.c. */
-extern const char __libc_ptyname1[] attribute_hidden;
-extern const char __libc_ptyname2[] attribute_hidden;
-
/* Static buffer for `ptsname'. */
static char buffer[sizeof (_PATH_DEVPTS) + 20];
@@ -68,19 +43,15 @@ ptsname (int fd)
}
+/* Store at most BUFLEN characters of the pathname of the slave pseudo
+ terminal associated with the master FD is open on in BUF.
+ Return 0 on success, otherwise an error number. */
int
-__ptsname_internal (int fd, char *buf, size_t buflen, struct stat64 *stp)
+__ptsname_r (int fd, char *buf, size_t buflen)
{
int save_errno = errno;
unsigned int ptyno;
- if (!__isatty (fd))
- {
- __set_errno (ENOTTY);
- return ENOTTY;
- }
-
-#ifdef TIOCGPTN
if (__ioctl (fd, TIOCGPTN, &ptyno) == 0)
{
/* Buffer we use to print the number in. For a maximum size for
@@ -101,67 +72,11 @@ __ptsname_internal (int fd, char *buf, size_t buflen, struct stat64 *stp)
memcpy (__stpcpy (buf, devpts), p, &numbuf[sizeof (numbuf)] - p);
}
- else if (errno != EINVAL)
- return errno;
else
-#endif
- {
- char *p;
-
- if (buflen < strlen (_PATH_TTY) + 3)
- {
- __set_errno (ERANGE);
- return ERANGE;
- }
-
- if (__fxstat64 (_STAT_VER, fd, stp) < 0)
- return errno;
-
- /* Check if FD really is a master pseudo terminal. */
- if (! MASTER_P (stp->st_rdev))
- {
- __set_errno (ENOTTY);
- return ENOTTY;
- }
-
- ptyno = __gnu_dev_minor (stp->st_rdev);
-
- if (ptyno / 16 >= strlen (__libc_ptyname1))
- {
- __set_errno (ENOTTY);
- return ENOTTY;
- }
-
- p = __stpcpy (buf, _PATH_TTY);
- p[0] = __libc_ptyname1[ptyno / 16];
- p[1] = __libc_ptyname2[ptyno % 16];
- p[2] = '\0';
- }
-
- if (__xstat64 (_STAT_VER, buf, stp) < 0)
+ /* Bad file descriptor, or not a ptmx descriptor. */
return errno;
- /* Check if the name we're about to return really corresponds to a
- slave pseudo terminal. */
- if (! S_ISCHR (stp->st_mode) || ! SLAVE_P (stp->st_rdev))
- {
- /* This really is a configuration problem. */
- __set_errno (ENOTTY);
- return ENOTTY;
- }
-
__set_errno (save_errno);
return 0;
}
-
-
-/* Store at most BUFLEN characters of the pathname of the slave pseudo
- terminal associated with the master FD is open on in BUF.
- Return 0 on success, otherwise an error number. */
-int
-__ptsname_r (int fd, char *buf, size_t buflen)
-{
- struct stat64 st;
- return __ptsname_internal (fd, buf, buflen, &st);
-}
weak_alias (__ptsname_r, ptsname_r)
--
2.25.4
^ permalink raw reply [flat|nested] 14+ messages in thread
* Re: [PATCH 3/3] Linux: Require properly configured /dev/pts for PTYs
2020-05-27 10:14 ` [PATCH 3/3] Linux: Require properly configured /dev/pts for PTYs Florian Weimer
@ 2020-05-27 10:31 ` Christian Brauner
2020-10-02 17:20 ` Adhemerval Zanella
1 sibling, 0 replies; 14+ messages in thread
From: Christian Brauner @ 2020-05-27 10:31 UTC (permalink / raw)
To: Florian Weimer; +Cc: libc-alpha
On Wed, May 27, 2020 at 12:14:37PM +0200, Florian Weimer via Libc-alpha wrote:
> Current systems do not have BSD terminals, so the fallback code in
> posix_openpt/getpt does not do anything. Also remove the file system
> check for /dev/pts. Current systems always have a devpts file system
> mounted there if /dev/ptmx exists.
Good change!
In addition, on newer kernels you also have TIOCGPTPEER which wouldn't
even require /dev/pts be present and permits race-free access to a
/dev/pts/* device solely based on the /dev/ptmx fd. And we've made sure
that glibc already supports that.
So ack from me.
Christian
^ permalink raw reply [flat|nested] 14+ messages in thread
* Re: [PATCH 1/3] login/tst-grantpt: Convert to support framework, more error checking
2020-05-27 10:14 ` [PATCH 1/3] login/tst-grantpt: Convert to support framework, more error checking Florian Weimer
@ 2020-10-02 17:08 ` Adhemerval Zanella
0 siblings, 0 replies; 14+ messages in thread
From: Adhemerval Zanella @ 2020-10-02 17:08 UTC (permalink / raw)
To: libc-alpha, Florian Weimer
On 27/05/2020 07:14, Florian Weimer via Libc-alpha wrote:
> The test now requires working /dev/pts pseudo-terminals.
>
> A new subtest (test_not_ptmx) attempts to call grantpt on a
> pseudo-terminal that is not a ptmx device. POSIX requires an EINVAL
> error in this case.
LGTM, thanks.
Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
> ---
> login/tst-grantpt.c | 93 ++++++++++++++++++++++++++++-----------------
> 1 file changed, 58 insertions(+), 35 deletions(-)
>
> diff --git a/login/tst-grantpt.c b/login/tst-grantpt.c
> index 65bb344909..1d7a220fcf 100644
> --- a/login/tst-grantpt.c
> +++ b/login/tst-grantpt.c
> @@ -1,3 +1,21 @@
> +/* Test for grantpt error corner cases.
> + Copyright (C) 2001-2020 Free Software Foundation, Inc.
> + This file is part of the GNU C Library.
> +
> + The GNU C Library is free software; you can redistribute it and/or
> + modify it under the terms of the GNU Lesser General Public
> + License as published by the Free Software Foundation; either
> + version 2.1 of the License, or (at your option) any later version.
> +
> + The GNU C Library is distributed in the hope that it will be useful,
> + but WITHOUT ANY WARRANTY; without even the implied warranty of
> + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
> + Lesser General Public License for more details.
> +
> + You should have received a copy of the GNU Lesser General Public
> + License along with the GNU C Library; if not, see
> + <https://www.gnu.org/licenses/>. */
> +
> #include <sys/types.h>
> #include <sys/stat.h>
> #include <fcntl.h>
Ok.
> @@ -6,76 +24,81 @@
> #include <errno.h>
> #include <string.h>
> #include <unistd.h>
> +#include <support/check.h>
> +#include <support/temp_file.h>
> +#include <support/xunistd.h>
>
> -static int
> +/* Test grantpt with a closed descriptor. */
> +static void
> test_ebadf (void)
> {
> int fd, ret, err;
>
> fd = posix_openpt (O_RDWR);
> if (fd == -1)
> - {
> - printf ("posix_openpt(O_RDWR) failed\nerrno %d (%s)\n",
> - errno, strerror (errno));
> - /* We don't fail because of this; maybe the system does not have
> - SUS pseudo terminals. */
> - return 0;
> - }
> - unlockpt (fd);
> - close (fd);
> + FAIL_EXIT1 ("posix_openpt(O_RDWR) failed\nerrno %d (%m)\n", errno);
> + TEST_COMPARE (unlockpt (fd), 0);
>
> + xclose (fd);
> ret = grantpt (fd);
> err = errno;
> if (ret != -1 || err != EBADF)
> {
> + support_record_failure ();
> printf ("grantpt(): expected: return = %d, errno = %d\n", -1, EBADF);
> printf (" got: return = %d, errno = %d\n", ret, err);
> - return 1;
> }
> - return 0;
> }
>
Ok.
> -static int
> +/* Test grantpt on a regular file. */
> +static void
> test_einval (void)
> {
> int fd, ret, err;
> - const char file[] = "./grantpt-einval";
>
> - fd = open (file, O_RDWR | O_CREAT, 0600);
> - if (fd == -1)
> - {
> - printf ("open(\"%s\", O_RDWR) failed\nerrno %d (%s)\n",
> - file, errno, strerror (errno));
> - return 0;
> - }
> - unlink (file);
> + fd = create_temp_file ("tst-grantpt-", NULL);
> + TEST_VERIFY_EXIT (fd >= 0);
>
> ret = grantpt (fd);
> err = errno;
> if (ret != -1 || err != EINVAL)
> {
> + support_record_failure ();
> printf ("grantpt(): expected: return = %d, errno = %d\n", -1, EINVAL);
> printf (" got: return = %d, errno = %d\n", ret, err);
> - ret = 1;
> }
> - else
> - ret = 0;
>
> - close (fd);
> + xclose (fd);
> +}
> +
Ok.
> +/* Test grantpt on a non-ptmx pseudo-terminal. */
> +static void
> +test_not_ptmx (void)
> +{
> + int ptmx = posix_openpt (O_RDWR);
> + TEST_VERIFY_EXIT (ptmx >= 0);
> + TEST_COMPARE (grantpt (ptmx), 0);
> + TEST_COMPARE (unlockpt (ptmx), 0);
> +
> + const char *name = ptsname (ptmx);
> + TEST_VERIFY_EXIT (name != NULL);
> + int pts = open (name, O_RDWR | O_NOCTTY);
> + TEST_VERIFY_EXIT (pts >= 0);
> +
> + TEST_COMPARE (grantpt (pts), -1);
> + TEST_COMPARE (errno, EINVAL);
>
> - return ret;
> + xclose (pts);
> + xclose (ptmx);
> }
>
Ok.
> static int
> do_test (void)
> {
> - int result = 0;
> -
> - result += test_ebadf ();
> - result += test_einval ();
> -
> - return result;
> + test_ebadf ();
> + test_einval ();
> + test_not_ptmx ();
> + return 0;
> }
>
> -#define TEST_FUNCTION do_test ()
> -#include "../test-skeleton.c"
> +#include <support/test-driver.c>
>
Ok.
^ permalink raw reply [flat|nested] 14+ messages in thread
* Re: [PATCH 2/3] Linux: unlockpt needs to fail with EINVAL, not ENOTTY (bug 26053)
2020-05-27 10:14 ` [PATCH 2/3] Linux: unlockpt needs to fail with EINVAL, not ENOTTY (bug 26053) Florian Weimer
@ 2020-10-02 17:10 ` Adhemerval Zanella
0 siblings, 0 replies; 14+ messages in thread
From: Adhemerval Zanella @ 2020-10-02 17:10 UTC (permalink / raw)
To: Florian Weimer, libc-alpha
On 27/05/2020 07:14, Florian Weimer via Libc-alpha wrote:
> The EINVAL error code is mandated by POSIX and documented in the
> manual. Also clean up the unlockpt implementation a bit, assuming
> that TIOCSPTLCK is always defined.
>
> Enhance login/tst-grantpt to cover unlockpt corner cases.
LGTM, thanks.
Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
> ---
> login/tst-grantpt.c | 20 ++++++++++++++++----
> sysdeps/unix/sysv/linux/unlockpt.c | 21 +++++----------------
> 2 files changed, 21 insertions(+), 20 deletions(-)
>
> diff --git a/login/tst-grantpt.c b/login/tst-grantpt.c
> index 1d7a220fcf..8ca901ef94 100644
> --- a/login/tst-grantpt.c
> +++ b/login/tst-grantpt.c
> @@ -1,4 +1,4 @@
> -/* Test for grantpt error corner cases.
> +/* Test for grantpt, unlockpt error corner cases.
> Copyright (C) 2001-2020 Free Software Foundation, Inc.
> This file is part of the GNU C Library.
>
> @@ -28,7 +28,7 @@
> #include <support/temp_file.h>
> #include <support/xunistd.h>
>
> -/* Test grantpt with a closed descriptor. */
> +/* Test grantpt, unlockpt with a closed descriptor. */
> static void
> test_ebadf (void)
> {
> @@ -48,9 +48,12 @@ test_ebadf (void)
> printf ("grantpt(): expected: return = %d, errno = %d\n", -1, EBADF);
> printf (" got: return = %d, errno = %d\n", ret, err);
> }
> +
> + TEST_COMPARE (unlockpt (fd), -1);
> + TEST_COMPARE (errno, EBADF);
> }
>
Ok.
> -/* Test grantpt on a regular file. */
> +/* Test grantpt, unlockpt on a regular file. */
> static void
> test_einval (void)
> {
> @@ -68,10 +71,13 @@ test_einval (void)
> printf (" got: return = %d, errno = %d\n", ret, err);
> }
>
> + TEST_COMPARE (unlockpt (fd), -1);
> + TEST_COMPARE (errno, EINVAL);
> +
> xclose (fd);
> }
>
Ok.
> -/* Test grantpt on a non-ptmx pseudo-terminal. */
> +/* Test grantpt, unlockpt on a non-ptmx pseudo-terminal. */
> static void
> test_not_ptmx (void)
> {
> @@ -80,6 +86,9 @@ test_not_ptmx (void)
> TEST_COMPARE (grantpt (ptmx), 0);
> TEST_COMPARE (unlockpt (ptmx), 0);
>
> + /* A second unlock succeeds as well. */
> + TEST_COMPARE (unlockpt (ptmx), 0);
> +
> const char *name = ptsname (ptmx);
> TEST_VERIFY_EXIT (name != NULL);
> int pts = open (name, O_RDWR | O_NOCTTY);
> @@ -88,6 +97,9 @@ test_not_ptmx (void)
> TEST_COMPARE (grantpt (pts), -1);
> TEST_COMPARE (errno, EINVAL);
>
> + TEST_COMPARE (unlockpt (pts), -1);
> + TEST_COMPARE (errno, EINVAL);
> +
> xclose (pts);
> xclose (ptmx);
> }
Ok.
> diff --git a/sysdeps/unix/sysv/linux/unlockpt.c b/sysdeps/unix/sysv/linux/unlockpt.c
> index 3a0ac7a96c..4d98abece0 100644
> --- a/sysdeps/unix/sysv/linux/unlockpt.c
> +++ b/sysdeps/unix/sysv/linux/unlockpt.c
> @@ -27,22 +27,11 @@
> int
> unlockpt (int fd)
> {
> -#ifdef TIOCSPTLCK
> - int save_errno = errno;
> int unlock = 0;
>
> - if (__ioctl (fd, TIOCSPTLCK, &unlock))
> - {
> - if (errno == EINVAL)
> - {
> - __set_errno (save_errno);
> - return 0;
> - }
> - else
> - return -1;
> - }
> -#endif
> - /* If we have no TIOCSPTLCK ioctl, all slave pseudo terminals are
> - unlocked by default. */
> - return 0;
> + int ret = __ioctl (fd, TIOCSPTLCK, &unlock);
> + if (ret != 0 && errno == ENOTTY)
> + /* POSIX mandates EINVAL for non-ptmx descriptors. */
> + __set_errno (EINVAL);
> + return ret;
> }
>
Ok.
^ permalink raw reply [flat|nested] 14+ messages in thread
* Re: [PATCH 3/3] Linux: Require properly configured /dev/pts for PTYs
2020-05-27 10:14 ` [PATCH 3/3] Linux: Require properly configured /dev/pts for PTYs Florian Weimer
2020-05-27 10:31 ` Christian Brauner
@ 2020-10-02 17:20 ` Adhemerval Zanella
2020-10-02 17:26 ` Florian Weimer
2020-10-07 9:31 ` Florian Weimer
1 sibling, 2 replies; 14+ messages in thread
From: Adhemerval Zanella @ 2020-10-02 17:20 UTC (permalink / raw)
To: libc-alpha, Florian Weimer
On 27/05/2020 07:14, Florian Weimer via Libc-alpha wrote:
> Current systems do not have BSD terminals, so the fallback code in
> posix_openpt/getpt does not do anything. Also remove the file system
> check for /dev/pts. Current systems always have a devpts file system
> mounted there if /dev/ptmx exists.
>
> grantpt is now essentially a no-op. It only verifies that the
> argument is a ptmx-descriptor. Therefore, this change indirectly
> addresses bug 24941.
LGTM with some comments below, thanks.
Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
> ---
> NEWS | 12 ++++
> sysdeps/unix/sysv/linux/getpt.c | 67 +---------------------
> sysdeps/unix/sysv/linux/grantpt.c | 73 ++++++++++++------------
> sysdeps/unix/sysv/linux/ptsname.c | 95 ++-----------------------------
> 4 files changed, 55 insertions(+), 192 deletions(-)
>
> diff --git a/NEWS b/NEWS
> index 55389b8466..b8e0408a56 100644
> --- a/NEWS
> +++ b/NEWS
> @@ -52,6 +52,18 @@ Changes to build and runtime requirements:
> * powerpc64le requires GCC 7.4 or newer. This is required for supporting
> long double redirects.
>
> +* On Linux, the system administrator needs to configure /dev/pts with
> + the intended access modes for pseudo-terminals. glibc no longer
> + attemps to adjust permissions of terminal devices. The previous glibc
> + defaults ("tty" group, user read/write and group write) already
> + corresponded to what most systems used, so that grantpt did not
> + perform any adjustments.
> +
> +* On Linux, the posix_openpt and getpt functions no longer attempt to
> + use legacy (BSD) pseudo-terminals and assume that if /dev/ptmx exists
> + (and pseudo-terminals are supported), a devpts file system is mounted
> + on /dev/pts. Current systems already meet these requirements.
> +
> Security related changes:
>
> CVE-2020-10029: Trigonometric functions on x86 targets suffered from stack
Ok, although "Current systems" is somewhat vague (does it refer to minimum
kernel version or a common practice?).
> diff --git a/sysdeps/unix/sysv/linux/getpt.c b/sysdeps/unix/sysv/linux/getpt.c
> index 1803b232c9..3cc745e11a 100644
> --- a/sysdeps/unix/sysv/linux/getpt.c
> +++ b/sysdeps/unix/sysv/linux/getpt.c
> @@ -16,69 +16,18 @@
> License along with the GNU C Library; if not, see
> <https://www.gnu.org/licenses/>. */
>
> -#include <errno.h>
> #include <fcntl.h>
> -#include <stdlib.h>
> #include <unistd.h>
> #include <paths.h>
> -#include <sys/statfs.h>
> -
> -#include "linux_fsinfo.h"
>
> /* Path to the master pseudo terminal cloning device. */
> #define _PATH_DEVPTMX _PATH_DEV "ptmx"
> -/* Directory containing the UNIX98 pseudo terminals. */
> -#define _PATH_DEVPTS _PATH_DEV "pts"
> -
> -/* Prototype for function that opens BSD-style master pseudo-terminals. */
> -extern int __bsd_getpt (void) attribute_hidden;
>
> /* Open a master pseudo terminal and return its file descriptor. */
> int
> __posix_openpt (int oflag)
> {
> - static int have_no_dev_ptmx;
> - int fd;
> -
> - if (!have_no_dev_ptmx)
> - {
> - fd = __open (_PATH_DEVPTMX, oflag);
> - if (fd != -1)
> - {
> - struct statfs fsbuf;
> - static int devpts_mounted;
> -
> - /* Check that the /dev/pts filesystem is mounted
> - or if /dev is a devfs filesystem (this implies /dev/pts). */
> - if (devpts_mounted
> - || (__statfs (_PATH_DEVPTS, &fsbuf) == 0
> - && fsbuf.f_type == DEVPTS_SUPER_MAGIC)
> - || (__statfs (_PATH_DEV, &fsbuf) == 0
> - && fsbuf.f_type == DEVFS_SUPER_MAGIC))
> - {
> - /* Everything is ok. */
> - devpts_mounted = 1;
> - return fd;
> - }
> -
> - /* If /dev/pts is not mounted then the UNIX98 pseudo terminals
> - are not usable. */
> - __close (fd);
> - have_no_dev_ptmx = 1;
> - __set_errno (ENOENT);
> - }
> - else
> - {
> - if (errno == ENOENT || errno == ENODEV)
> - have_no_dev_ptmx = 1;
> - else
> - return -1;
> - }
> - }
> - else
> - __set_errno (ENOENT);
> -
> - return -1;
> + return __open (_PATH_DEVPTMX, oflag);
> }
> weak_alias (__posix_openpt, posix_openpt)
>
Ok. As side note I think we should change its prototype at include/stdlib.h
from attribute_hidden to a proper hidden_def/hidden_proto.
> @@ -86,16 +35,6 @@ weak_alias (__posix_openpt, posix_openpt)
> int
> __getpt (void)
> {
> - int fd = __posix_openpt (O_RDWR);
> - if (fd == -1)
> - fd = __bsd_getpt ();
> - return fd;
> + return __posix_openpt (O_RDWR);
> }
> -
> -
> -#define PTYNAME1 "pqrstuvwxyzabcde";
> -#define PTYNAME2 "0123456789abcdef";
> -
> -#define __getpt __bsd_getpt
> -#define HAVE_POSIX_OPENPT
> -#include <sysdeps/unix/bsd/getpt.c>
> +weak_alias (__getpt, getpt)
Ok.
> diff --git a/sysdeps/unix/sysv/linux/grantpt.c b/sysdeps/unix/sysv/linux/grantpt.c
> index 2030e07fa6..43122f9a76 100644
> --- a/sysdeps/unix/sysv/linux/grantpt.c
> +++ b/sysdeps/unix/sysv/linux/grantpt.c
> @@ -1,44 +1,41 @@
> -#include <assert.h>
> -#include <ctype.h>
> -#include <dirent.h>
> -#include <errno.h>
> -#include <fcntl.h>
> -#include <paths.h>
> -#include <stdlib.h>
> -#include <unistd.h>
> +/* grantpt implementation for Linux.
> + Copyright (C) 1998-2020 Free Software Foundation, Inc.
> + This file is part of the GNU C Library.
> + Contributed by Zack Weinberg <zack@rabi.phys.columbia.edu>, 1998.
Should we keep copying the 'Contributed by' in this case? Specially
for the case where the implementation is really a stripped down
version?
>
> -#include <not-cancel.h>
> + The GNU C Library is free software; you can redistribute it and/or
> + modify it under the terms of the GNU Lesser General Public
> + License as published by the Free Software Foundation; either
> + version 2.1 of the License, or (at your option) any later version.
>
> -#include "pty-private.h"
> + The GNU C Library is distributed in the hope that it will be useful,
> + but WITHOUT ANY WARRANTY; without even the implied warranty of
> + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
> + Lesser General Public License for more details.
>
> -#if HAVE_PT_CHOWN
> -/* Close all file descriptors except the one specified. */
> -static void
> -close_all_fds (void)
> -{
> - DIR *dir = __opendir ("/proc/self/fd");
> - if (dir != NULL)
> - {
> - struct dirent64 *d;
> - while ((d = __readdir64 (dir)) != NULL)
> - if (isdigit (d->d_name[0]))
> - {
> - char *endp;
> - long int fd = strtol (d->d_name, &endp, 10);
> - if (*endp == '\0' && fd != PTY_FILENO && fd != dirfd (dir))
> - __close_nocancel_nostatus (fd);
> - }
> + You should have received a copy of the GNU Lesser General Public
> + License along with the GNU C Library; if not, see
> + <https://www.gnu.org/licenses/>. */
> +
> +#include <errno.h>
> +#include <stdlib.h>
> +#include <sys/ioctl.h>
> +#include <termios.h>
>
> - __closedir (dir);
> +int
> +grantpt (int fd)
> +{
> + /* Without pt_chown on Linux, we have delegated the creation of the
> + pty node with the right group and permission mode to the kernel, and
> + non-root users are unlikely to be able to change it. Therefore let's
> + consider that POSIX enforcement is the responsibility of the whole
> + system and not only the GNU libc. */
>
> - int nullfd = __open_nocancel (_PATH_DEVNULL, O_RDONLY);
> - assert (nullfd == STDIN_FILENO);
> - nullfd = __open_nocancel (_PATH_DEVNULL, O_WRONLY);
> - assert (nullfd == STDOUT_FILENO);
> - __dup2 (STDOUT_FILENO, STDERR_FILENO);
> - }
> + /* Verify that fd refers to a ptmx descriptor. */
> + unsigned int ptyno;
> + int ret = __ioctl (fd, TIOCGPTN, &ptyno);
> + if (ret != 0 && errno == ENOTTY)
> + /* POSIX requires EINVAL instead of ENOTTY provided by the kernel. */
> + __set_errno (EINVAL);
> + return ret;
> }
> -# define CLOSE_ALL_FDS() close_all_fds()
> -#endif
> -
> -#include <sysdeps/unix/grantpt.c>
Ok.
> diff --git a/sysdeps/unix/sysv/linux/ptsname.c b/sysdeps/unix/sysv/linux/ptsname.c
> index 81d9d26f1e..3e9be3f0d4 100644
> --- a/sysdeps/unix/sysv/linux/ptsname.c
> +++ b/sysdeps/unix/sysv/linux/ptsname.c
> @@ -21,39 +21,14 @@
> #include <stdlib.h>
> #include <string.h>
> #include <sys/ioctl.h>
> -#include <sys/stat.h>
> -#include <sys/sysmacros.h>
> #include <termios.h>
> #include <unistd.h>
>
> #include <_itoa.h>
>
> -/* Check if DEV corresponds to a master pseudo terminal device. */
> -#define MASTER_P(Dev) \
> - (__gnu_dev_major ((Dev)) == 2 \
> - || (__gnu_dev_major ((Dev)) == 4 \
> - && __gnu_dev_minor ((Dev)) >= 128 && __gnu_dev_minor ((Dev)) < 192) \
> - || (__gnu_dev_major ((Dev)) >= 128 && __gnu_dev_major ((Dev)) < 136))
> -
> -/* Check if DEV corresponds to a slave pseudo terminal device. */
> -#define SLAVE_P(Dev) \
> - (__gnu_dev_major ((Dev)) == 3 \
> - || (__gnu_dev_major ((Dev)) == 4 \
> - && __gnu_dev_minor ((Dev)) >= 192 && __gnu_dev_minor ((Dev)) < 256) \
> - || (__gnu_dev_major ((Dev)) >= 136 && __gnu_dev_major ((Dev)) < 144))
> -
> -/* Note that major number 4 corresponds to the old BSD style pseudo
> - terminal devices. As of Linux 2.1.115 these are no longer
> - supported. They have been replaced by major numbers 2 (masters)
> - and 3 (slaves). */
> -
> /* Directory where we can find the slave pty nodes. */
> #define _PATH_DEVPTS "/dev/pts/"
>
> -/* The are declared in getpt.c. */
> -extern const char __libc_ptyname1[] attribute_hidden;
> -extern const char __libc_ptyname2[] attribute_hidden;
> -
> /* Static buffer for `ptsname'. */
> static char buffer[sizeof (_PATH_DEVPTS) + 20];
>
> @@ -68,19 +43,15 @@ ptsname (int fd)
> }
>
Ok.
>
> +/* Store at most BUFLEN characters of the pathname of the slave pseudo
> + terminal associated with the master FD is open on in BUF.
> + Return 0 on success, otherwise an error number. */
> int
> -__ptsname_internal (int fd, char *buf, size_t buflen, struct stat64 *stp)
> +__ptsname_r (int fd, char *buf, size_t buflen)
> {
> int save_errno = errno;
> unsigned int ptyno;
>
> - if (!__isatty (fd))
> - {
> - __set_errno (ENOTTY);
> - return ENOTTY;
> - }
> -
> -#ifdef TIOCGPTN
> if (__ioctl (fd, TIOCGPTN, &ptyno) == 0)
> {
> /* Buffer we use to print the number in. For a maximum size for
> @@ -101,67 +72,11 @@ __ptsname_internal (int fd, char *buf, size_t buflen, struct stat64 *stp)
>
> memcpy (__stpcpy (buf, devpts), p, &numbuf[sizeof (numbuf)] - p);
> }
> - else if (errno != EINVAL)
> - return errno;
> else
> -#endif
> - {
> - char *p;
> -
> - if (buflen < strlen (_PATH_TTY) + 3)
> - {
> - __set_errno (ERANGE);
> - return ERANGE;
> - }
> -
> - if (__fxstat64 (_STAT_VER, fd, stp) < 0)
> - return errno;
> -
> - /* Check if FD really is a master pseudo terminal. */
> - if (! MASTER_P (stp->st_rdev))
> - {
> - __set_errno (ENOTTY);
> - return ENOTTY;
> - }
> -
> - ptyno = __gnu_dev_minor (stp->st_rdev);
> -
> - if (ptyno / 16 >= strlen (__libc_ptyname1))
> - {
> - __set_errno (ENOTTY);
> - return ENOTTY;
> - }
> -
> - p = __stpcpy (buf, _PATH_TTY);
> - p[0] = __libc_ptyname1[ptyno / 16];
> - p[1] = __libc_ptyname2[ptyno % 16];
> - p[2] = '\0';
> - }
> -
> - if (__xstat64 (_STAT_VER, buf, stp) < 0)
> + /* Bad file descriptor, or not a ptmx descriptor. */
> return errno;
>
> - /* Check if the name we're about to return really corresponds to a
> - slave pseudo terminal. */
> - if (! S_ISCHR (stp->st_mode) || ! SLAVE_P (stp->st_rdev))
> - {
> - /* This really is a configuration problem. */
> - __set_errno (ENOTTY);
> - return ENOTTY;
> - }
> -
> __set_errno (save_errno);
> return 0;
> }
> -
> -
> -/* Store at most BUFLEN characters of the pathname of the slave pseudo
> - terminal associated with the master FD is open on in BUF.
> - Return 0 on success, otherwise an error number. */
> -int
> -__ptsname_r (int fd, char *buf, size_t buflen)
> -{
> - struct stat64 st;
> - return __ptsname_internal (fd, buf, buflen, &st);
> -}
> weak_alias (__ptsname_r, ptsname_r)
>
Ok.
^ permalink raw reply [flat|nested] 14+ messages in thread
* Re: [PATCH 3/3] Linux: Require properly configured /dev/pts for PTYs
2020-10-02 17:20 ` Adhemerval Zanella
@ 2020-10-02 17:26 ` Florian Weimer
2020-10-07 9:31 ` Florian Weimer
1 sibling, 0 replies; 14+ messages in thread
From: Florian Weimer @ 2020-10-02 17:26 UTC (permalink / raw)
To: Zack Weinberg; +Cc: Adhemerval Zanella, libc-alpha
* Adhemerval Zanella:
>> diff --git a/sysdeps/unix/sysv/linux/grantpt.c b/sysdeps/unix/sysv/linux/grantpt.c
>> index 2030e07fa6..43122f9a76 100644
>> --- a/sysdeps/unix/sysv/linux/grantpt.c
>> +++ b/sysdeps/unix/sysv/linux/grantpt.c
>> @@ -1,44 +1,41 @@
>> -#include <assert.h>
>> -#include <ctype.h>
>> -#include <dirent.h>
>> -#include <errno.h>
>> -#include <fcntl.h>
>> -#include <paths.h>
>> -#include <stdlib.h>
>> -#include <unistd.h>
>> +/* grantpt implementation for Linux.
>> + Copyright (C) 1998-2020 Free Software Foundation, Inc.
>> + This file is part of the GNU C Library.
>> + Contributed by Zack Weinberg <zack@rabi.phys.columbia.edu>, 1998.
>
> Should we keep copying the 'Contributed by' in this case? Specially
> for the case where the implementation is really a stripped down
> version?
Zack, is it okay if I remove the “Contributed by” line, as Adhemerval
suggests?
Full patch is here:
<https://sourceware.org/pipermail/libc-alpha/2020-May/114379.html>
Thanks,
Florian
--
Red Hat GmbH, https://de.redhat.com/ , Registered seat: Grasbrunn,
Commercial register: Amtsgericht Muenchen, HRB 153243,
Managing Directors: Charles Cachera, Brian Klemm, Laurie Krebs, Michael O'Neill
^ permalink raw reply [flat|nested] 14+ messages in thread
* Re: [PATCH 3/3] Linux: Require properly configured /dev/pts for PTYs
2020-10-02 17:20 ` Adhemerval Zanella
2020-10-02 17:26 ` Florian Weimer
@ 2020-10-07 9:31 ` Florian Weimer
1 sibling, 0 replies; 14+ messages in thread
From: Florian Weimer @ 2020-10-07 9:31 UTC (permalink / raw)
To: Adhemerval Zanella via Libc-alpha
* Adhemerval Zanella via Libc-alpha:
>> +* On Linux, the system administrator needs to configure /dev/pts with
>> + the intended access modes for pseudo-terminals. glibc no longer
>> + attemps to adjust permissions of terminal devices. The previous glibc
>> + defaults ("tty" group, user read/write and group write) already
>> + corresponded to what most systems used, so that grantpt did not
>> + perform any adjustments.
>> +
>> +* On Linux, the posix_openpt and getpt functions no longer attempt to
>> + use legacy (BSD) pseudo-terminals and assume that if /dev/ptmx exists
>> + (and pseudo-terminals are supported), a devpts file system is mounted
>> + on /dev/pts. Current systems already meet these requirements.
>> +
>> Security related changes:
>>
>> CVE-2020-10029: Trigonometric functions on x86 targets suffered from stack
>
> Ok, although "Current systems" is somewhat vague (does it refer to minimum
> kernel version or a common practice?).
Common practice (and the missing pt_chown binary).
> Ok. As side note I think we should change its prototype at include/stdlib.h
> from attribute_hidden to a proper hidden_def/hidden_proto.
There's a stub implementation of posix_openpt for Hurd, so I think this
should be a separate patch.
I'm going to push this with an INSTALL update after some further
testing.
Thanks,
Florian
--
Red Hat GmbH, https://de.redhat.com/ , Registered seat: Grasbrunn,
Commercial register: Amtsgericht Muenchen, HRB 153243,
Managing Directors: Charles Cachera, Brian Klemm, Laurie Krebs, Michael O'Neill
^ permalink raw reply [flat|nested] 14+ messages in thread
* Re: [PATCH 1/3] login/tst-grantpt: Convert to support framework, more error checking
2020-08-13 18:31 ` Florian Weimer
@ 2020-08-13 18:58 ` Adhemerval Zanella
0 siblings, 0 replies; 14+ messages in thread
From: Adhemerval Zanella @ 2020-08-13 18:58 UTC (permalink / raw)
To: Florian Weimer, Adhemerval Zanella via Libc-alpha
On 13/08/2020 15:31, Florian Weimer wrote:
> * Adhemerval Zanella via Libc-alpha:
>
>>> + xclose (fd);
>>> ret = grantpt (fd);
>>> err = errno;
>>> if (ret != -1 || err != EBADF)
>>> {
>>> + support_record_failure ();
>>> printf ("grantpt(): expected: return = %d, errno = %d\n", -1, EBADF);
>>> printf (" got: return = %d, errno = %d\n", ret, err);
>>> - return 1;
>>> }
>>> - return 0;
>>> }
>>
>> Ok (although maybe use CHECK_VERIFY?).
>
> Do you mean TEST_VERIFY? That can't produce a log message. We
> probably should have something that logs a failure unconditionally.
>
Yeap, TEST_VERIFY. The test failure output will have all the required
information anyway (either if return code or errno does not match
expectations).
>>> - unlink (file);
>>> + fd = create_temp_file ("tst-grantpt-", NULL);
>>> + TEST_VERIFY_EXIT (fd >= 0);
>>>
>>
>> Ok. As a side note, maybe we should add a xcreate_temp_file.
>
> I think we should change the semantics of the existing function
> instead.
>
The posix/tst-spawn3.c uses create_temp_file to fill all possible file-descriptor
to check if posix_spawn file actions does not use extra descriptors. Afaik it
is a exception, all other tests expect that create_temp_file does not fail.
^ permalink raw reply [flat|nested] 14+ messages in thread
* Re: [PATCH 1/3] login/tst-grantpt: Convert to support framework, more error checking
2020-08-13 18:21 ` Adhemerval Zanella
@ 2020-08-13 18:31 ` Florian Weimer
2020-08-13 18:58 ` Adhemerval Zanella
0 siblings, 1 reply; 14+ messages in thread
From: Florian Weimer @ 2020-08-13 18:31 UTC (permalink / raw)
To: Adhemerval Zanella via Libc-alpha
* Adhemerval Zanella via Libc-alpha:
> > + xclose (fd);
> > ret = grantpt (fd);
> > err = errno;
> > if (ret != -1 || err != EBADF)
> > {
> > + support_record_failure ();
> > printf ("grantpt(): expected: return = %d, errno = %d\n", -1, EBADF);
> > printf (" got: return = %d, errno = %d\n", ret, err);
> > - return 1;
> > }
> > - return 0;
> > }
>
> Ok (although maybe use CHECK_VERIFY?).
Do you mean TEST_VERIFY? That can't produce a log message. We
probably should have something that logs a failure unconditionally.
>> - unlink (file);
>> + fd = create_temp_file ("tst-grantpt-", NULL);
>> + TEST_VERIFY_EXIT (fd >= 0);
>>
>
> Ok. As a side note, maybe we should add a xcreate_temp_file.
I think we should change the semantics of the existing function
instead.
^ permalink raw reply [flat|nested] 14+ messages in thread
* Re: [PATCH 1/3] login/tst-grantpt: Convert to support framework, more error checking
2020-08-05 7:14 [PATCH 1/3] login/tst-grantpt: Convert to support framework, more error checking Florian Weimer
@ 2020-08-13 18:21 ` Adhemerval Zanella
2020-08-13 18:31 ` Florian Weimer
0 siblings, 1 reply; 14+ messages in thread
From: Adhemerval Zanella @ 2020-08-13 18:21 UTC (permalink / raw)
To: libc-alpha, Florian Weimer
On 05/08/2020 04:14, Florian Weimer via Libc-alpha wrote:
> The test now requires working /dev/pts pseudo-terminals.
>
> A new subtest (test_not_ptmx) attempts to call grantpt on a
> pseudo-terminal that is not a ptmx device. POSIX requires an EINVAL
> error in this case.
LGTM thanks.
Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
> ---
> login/tst-grantpt.c | 93 ++++++++++++++++++++++++++++-----------------
> 1 file changed, 58 insertions(+), 35 deletions(-)
>
> diff --git a/login/tst-grantpt.c b/login/tst-grantpt.c
> index 65bb344909..1d7a220fcf 100644
> --- a/login/tst-grantpt.c
> +++ b/login/tst-grantpt.c
> @@ -1,3 +1,21 @@
> +/* Test for grantpt error corner cases.
> + Copyright (C) 2001-2020 Free Software Foundation, Inc.
> + This file is part of the GNU C Library.
> +
> + The GNU C Library is free software; you can redistribute it and/or
> + modify it under the terms of the GNU Lesser General Public
> + License as published by the Free Software Foundation; either
> + version 2.1 of the License, or (at your option) any later version.
> +
> + The GNU C Library is distributed in the hope that it will be useful,
> + but WITHOUT ANY WARRANTY; without even the implied warranty of
> + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
> + Lesser General Public License for more details.
> +
> + You should have received a copy of the GNU Lesser General Public
> + License along with the GNU C Library; if not, see
> + <https://www.gnu.org/licenses/>. */
> +
> #include <sys/types.h>
> #include <sys/stat.h>
> #include <fcntl.h>
> @@ -6,76 +24,81 @@
> #include <errno.h>
> #include <string.h>
> #include <unistd.h>
> +#include <support/check.h>
> +#include <support/temp_file.h>
> +#include <support/xunistd.h>
>
> -static int
> +/* Test grantpt with a closed descriptor. */
> +static void
> test_ebadf (void)
> {
> int fd, ret, err;
>
> fd = posix_openpt (O_RDWR);
> if (fd == -1)
> - {
> - printf ("posix_openpt(O_RDWR) failed\nerrno %d (%s)\n",
> - errno, strerror (errno));
> - /* We don't fail because of this; maybe the system does not have
> - SUS pseudo terminals. */
> - return 0;
> - }
> - unlockpt (fd);
> - close (fd);
> + FAIL_EXIT1 ("posix_openpt(O_RDWR) failed\nerrno %d (%m)\n", errno);
> + TEST_COMPARE (unlockpt (fd), 0);
>
Ok.
> + xclose (fd);
> ret = grantpt (fd);
> err = errno;
> if (ret != -1 || err != EBADF)
> {
> + support_record_failure ();
> printf ("grantpt(): expected: return = %d, errno = %d\n", -1, EBADF);
> printf (" got: return = %d, errno = %d\n", ret, err);
> - return 1;
> }
> - return 0;
> }
Ok (although maybe use CHECK_VERIFY?).
>
> -static int
> +/* Test grantpt on a regular file. */
> +static void
> test_einval (void)
> {
> int fd, ret, err;
> - const char file[] = "./grantpt-einval";
>
> - fd = open (file, O_RDWR | O_CREAT, 0600);
> - if (fd == -1)
> - {
> - printf ("open(\"%s\", O_RDWR) failed\nerrno %d (%s)\n",
> - file, errno, strerror (errno));
> - return 0;
> - }
> - unlink (file);
> + fd = create_temp_file ("tst-grantpt-", NULL);
> + TEST_VERIFY_EXIT (fd >= 0);
>
Ok. As a side note, maybe we should add a xcreate_temp_file.
> ret = grantpt (fd);
> err = errno;
> if (ret != -1 || err != EINVAL)
> {
> + support_record_failure ();
> printf ("grantpt(): expected: return = %d, errno = %d\n", -1, EINVAL);
> printf (" got: return = %d, errno = %d\n", ret, err);
> - ret = 1;
> }
> - else
> - ret = 0;
>
> - close (fd);
> + xclose (fd);
> +}
Ok (although same previous suggestion applies here suggestion).
> +
> +/* Test grantpt on a non-ptmx pseudo-terminal. */
> +static void
> +test_not_ptmx (void)
> +{
> + int ptmx = posix_openpt (O_RDWR);
> + TEST_VERIFY_EXIT (ptmx >= 0);
> + TEST_COMPARE (grantpt (ptmx), 0);
> + TEST_COMPARE (unlockpt (ptmx), 0);
> +
> + const char *name = ptsname (ptmx);
> + TEST_VERIFY_EXIT (name != NULL);
> + int pts = open (name, O_RDWR | O_NOCTTY);
> + TEST_VERIFY_EXIT (pts >= 0);
> +
> + TEST_COMPARE (grantpt (pts), -1);
> + TEST_COMPARE (errno, EINVAL);
>
> - return ret;
> + xclose (pts);
> + xclose (ptmx);
> }
>
Ok.
> static int
> do_test (void)
> {
> - int result = 0;
> -
> - result += test_ebadf ();
> - result += test_einval ();
> -
> - return result;
> + test_ebadf ();
> + test_einval ();
> + test_not_ptmx ();
> + return 0;
> }
>
> -#define TEST_FUNCTION do_test ()
> -#include "../test-skeleton.c"
> +#include <support/test-driver.c>
>
Ok.
^ permalink raw reply [flat|nested] 14+ messages in thread
* [PATCH 1/3] login/tst-grantpt: Convert to support framework, more error checking
@ 2020-08-05 7:14 Florian Weimer
2020-08-13 18:21 ` Adhemerval Zanella
0 siblings, 1 reply; 14+ messages in thread
From: Florian Weimer @ 2020-08-05 7:14 UTC (permalink / raw)
To: libc-alpha
The test now requires working /dev/pts pseudo-terminals.
A new subtest (test_not_ptmx) attempts to call grantpt on a
pseudo-terminal that is not a ptmx device. POSIX requires an EINVAL
error in this case.
---
login/tst-grantpt.c | 93 ++++++++++++++++++++++++++++-----------------
1 file changed, 58 insertions(+), 35 deletions(-)
diff --git a/login/tst-grantpt.c b/login/tst-grantpt.c
index 65bb344909..1d7a220fcf 100644
--- a/login/tst-grantpt.c
+++ b/login/tst-grantpt.c
@@ -1,3 +1,21 @@
+/* Test for grantpt error corner cases.
+ Copyright (C) 2001-2020 Free Software Foundation, Inc.
+ This file is part of the GNU C Library.
+
+ The GNU C Library is free software; you can redistribute it and/or
+ modify it under the terms of the GNU Lesser General Public
+ License as published by the Free Software Foundation; either
+ version 2.1 of the License, or (at your option) any later version.
+
+ The GNU C Library is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ Lesser General Public License for more details.
+
+ You should have received a copy of the GNU Lesser General Public
+ License along with the GNU C Library; if not, see
+ <https://www.gnu.org/licenses/>. */
+
#include <sys/types.h>
#include <sys/stat.h>
#include <fcntl.h>
@@ -6,76 +24,81 @@
#include <errno.h>
#include <string.h>
#include <unistd.h>
+#include <support/check.h>
+#include <support/temp_file.h>
+#include <support/xunistd.h>
-static int
+/* Test grantpt with a closed descriptor. */
+static void
test_ebadf (void)
{
int fd, ret, err;
fd = posix_openpt (O_RDWR);
if (fd == -1)
- {
- printf ("posix_openpt(O_RDWR) failed\nerrno %d (%s)\n",
- errno, strerror (errno));
- /* We don't fail because of this; maybe the system does not have
- SUS pseudo terminals. */
- return 0;
- }
- unlockpt (fd);
- close (fd);
+ FAIL_EXIT1 ("posix_openpt(O_RDWR) failed\nerrno %d (%m)\n", errno);
+ TEST_COMPARE (unlockpt (fd), 0);
+ xclose (fd);
ret = grantpt (fd);
err = errno;
if (ret != -1 || err != EBADF)
{
+ support_record_failure ();
printf ("grantpt(): expected: return = %d, errno = %d\n", -1, EBADF);
printf (" got: return = %d, errno = %d\n", ret, err);
- return 1;
}
- return 0;
}
-static int
+/* Test grantpt on a regular file. */
+static void
test_einval (void)
{
int fd, ret, err;
- const char file[] = "./grantpt-einval";
- fd = open (file, O_RDWR | O_CREAT, 0600);
- if (fd == -1)
- {
- printf ("open(\"%s\", O_RDWR) failed\nerrno %d (%s)\n",
- file, errno, strerror (errno));
- return 0;
- }
- unlink (file);
+ fd = create_temp_file ("tst-grantpt-", NULL);
+ TEST_VERIFY_EXIT (fd >= 0);
ret = grantpt (fd);
err = errno;
if (ret != -1 || err != EINVAL)
{
+ support_record_failure ();
printf ("grantpt(): expected: return = %d, errno = %d\n", -1, EINVAL);
printf (" got: return = %d, errno = %d\n", ret, err);
- ret = 1;
}
- else
- ret = 0;
- close (fd);
+ xclose (fd);
+}
+
+/* Test grantpt on a non-ptmx pseudo-terminal. */
+static void
+test_not_ptmx (void)
+{
+ int ptmx = posix_openpt (O_RDWR);
+ TEST_VERIFY_EXIT (ptmx >= 0);
+ TEST_COMPARE (grantpt (ptmx), 0);
+ TEST_COMPARE (unlockpt (ptmx), 0);
+
+ const char *name = ptsname (ptmx);
+ TEST_VERIFY_EXIT (name != NULL);
+ int pts = open (name, O_RDWR | O_NOCTTY);
+ TEST_VERIFY_EXIT (pts >= 0);
+
+ TEST_COMPARE (grantpt (pts), -1);
+ TEST_COMPARE (errno, EINVAL);
- return ret;
+ xclose (pts);
+ xclose (ptmx);
}
static int
do_test (void)
{
- int result = 0;
-
- result += test_ebadf ();
- result += test_einval ();
-
- return result;
+ test_ebadf ();
+ test_einval ();
+ test_not_ptmx ();
+ return 0;
}
-#define TEST_FUNCTION do_test ()
-#include "../test-skeleton.c"
+#include <support/test-driver.c>
--
2.26.2
^ permalink raw reply [flat|nested] 14+ messages in thread
end of thread, other threads:[~2020-10-07 9:31 UTC | newest]
Thread overview: 14+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2020-05-27 10:14 [PATCH 0/3] Linux: Rework Linux PTY support Florian Weimer
2020-05-27 10:14 ` [PATCH 1/3] login/tst-grantpt: Convert to support framework, more error checking Florian Weimer
2020-10-02 17:08 ` Adhemerval Zanella
2020-05-27 10:14 ` [PATCH 2/3] Linux: unlockpt needs to fail with EINVAL, not ENOTTY (bug 26053) Florian Weimer
2020-10-02 17:10 ` Adhemerval Zanella
2020-05-27 10:14 ` [PATCH 3/3] Linux: Require properly configured /dev/pts for PTYs Florian Weimer
2020-05-27 10:31 ` Christian Brauner
2020-10-02 17:20 ` Adhemerval Zanella
2020-10-02 17:26 ` Florian Weimer
2020-10-07 9:31 ` Florian Weimer
2020-08-05 7:14 [PATCH 1/3] login/tst-grantpt: Convert to support framework, more error checking Florian Weimer
2020-08-13 18:21 ` Adhemerval Zanella
2020-08-13 18:31 ` Florian Weimer
2020-08-13 18:58 ` Adhemerval Zanella
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).