Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20141101214503.GK22465@brightrain.aerifal.cx>
Date: Sat, 1 Nov 2014 17:45:03 -0400
From: Rich Felker <dalias@...c.org>
To: musl@...ts.openwall.com
Subject: Re: Add login_tty

On Sat, Nov 01, 2014 at 10:15:23PM +0100, Felix Janda wrote:
> > But in this case they're not correct:
> > 
> > >  int forkpty(int *m, char *name, const struct termios *tio, const struct winsize *ws)
> > >  {
> > > -	int s, t, i, istmp[3]={0};
> > > +	int s;
> > >  	pid_t pid;
> > >  
> > >  	if (openpty(m, &s, name, tio, ws) < 0) return -1;
> > >  
> > > -	/* Ensure before forking that we don't exceed fd limit */
> > > -	for (i=0; i<3; i++) {
> > > -		if (fcntl(i, F_GETFL) < 0) {
> > > -			t = fcntl(s, F_DUPFD, i);
> > > -			if (t<0) break;
> > > -			else if (t!=i) close(t);
> > > -			else istmp[i] = 1;
> > > -		}
> > > -	}
> > 
> > This loop is checking whether fd 0/1/2 are already open in the parent,
> > and if not, temporarily allocating them prior to fork to detect an
> > error before fork, since we can't handle errors after fork. The idea
> > is that dup2 might fail when dup'ing onto an unallocated fd, but
> > should never fail when atomically replacing an existing one. I'm not
> > 100% sure this is correct -- the kernel might deallocate some resource
> > then reallocate, rather than using in-place, in which case there would
> > be a resource exhaustion leak -- but that's at least the intent of the
> > code.
> 
> I still don't understand how dup2 can fail when fd 0/1/2 are not open in
> the parent. AFAIU, limits on the number of open fds are imposed by an
> upper bound on the value of any fd. For the dup2 calls we know that the
> newfds are certainly within the limits.

Indeed, looking at the kernel code, I don't see any error paths where
this operation could fail. I had figured some allocations might be
needed to represent the new fd in the fd table, but it seems not. So
the current code is probably unnecessary.

> > > +int login_tty(int fd)
> > > +{
> > > +	setsid();
> > > +	if (ioctl(fd, TIOCSCTTY, (char *)0)) return -1;
> > > +	dup2(fd, 0);
> > > +	dup2(fd, 1);
> > > +	dup2(fd, 2);
> > > +	if (fd>2) close(fd);
> > > +	return 0;
> > > +}
> > 
> > Is login_tty supposed to close the fd passed to it?
> 
> The man page says so.

OK. Surprising, but whatever. :)

In that case maybe your patch is okay as-is, aside from needing to be
factored into two changes -- one for removing useless code and the
other for separating-out login_tty.

Rich

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.