Last week, I did a bit of experimentation to look at privilege issues in the allocation of ptys on FreeBSD. Right now, to safely allocate a pty/tty pair, you basically need privilege (otherwise you can't chown/chmod the slave node). I took a look at some of the approaches used by other systems (specifically Linux, Solaris) and implemented basic ptmx support for FreeBSD:

http://www.watson.org/~robert/freebsd/pts/

I took the existing tty_pty.c driver code and remunged most of the dev_t and clone handling, as well as open/close of both master and slave. It's far from perfect -- more of an experiment really, but it has some notable benefits, including allowing programs like window, xterm, etc, to allocate ptys safely without privilege (although utmp still requires privilege if you're into that sort of thing). pts/ttys are also GC'd to reset ownership/permissions/flags in a race-free manner.

The one bug I've been bumping my head against and haven't yet managed to resolve is that controlling tty support appears to be broken -- perhaps a property of the ordering of dev_t vs. tty initialization. The one other caveat is that to allocate a new pty, it's sufficient to lookup /dev/ptmx, not just open it, due to our devfs cloning approach. I probably need some timeout to talk along and GC allocated but unopened ptys.

I include some lightweight implementations of openpty(), grantpt(), etc, based on the kernel code. Ideally, the libraries would support backward compatibility, however, preferring ptmx/pts over pty/tty but supporting kernels with either...

Thoughts, etc, welcome -- I probably don't have time to follow through effectively on this for a few weeks, so if someone else wants to grab and run with it (perhaps throwing out my implementation on the way), they should feel free.

Robert N M Watson
FreeBSD Core Team, TrustedBSD Projects
robert_at_fledge.watson.org
Network Associates Laboratories

Received on Sun Oct 05 2003 - 16:26:01 UTC
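The unprivileged allocation path the message describes, as an added example (not part of the original post and not the code from the linked patch): it allocates a pty through the standard posix_openpt()/grantpt()/unlockpt()/ptsname() calls and then audits the slave node's owner and mode instead of chown/chmod-ing it. The helper names `slave_is_private` and `alloc_private_pty` are hypothetical, and a ptmx-style pty interface is assumed to be present.

```c
#ifndef _XOPEN_SOURCE
#define _XOPEN_SOURCE 600   /* exposes posix_openpt/grantpt/unlockpt/ptsname */
#endif
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Standard prototypes, repeated so the file also builds when the macro
 * above is defined too late to take effect. */
int posix_openpt(int); int grantpt(int); int unlockpt(int); char *ptsname(int);

/* The property the message is after: the slave node is a character device
 * owned by the caller and closed to "other" users. Group bits are not
 * checked because 0620 with a tty group is the usual convention. */
int slave_is_private(const struct stat *st, uid_t uid)
{
    return S_ISCHR(st->st_mode) && st->st_uid == uid &&
           (st->st_mode & S_IRWXO) == 0;
}

/* Allocate a master via the ptmx interface and audit its slave. Returns the
 * master fd with the slave path copied to `path`, or -1 when allocation
 * fails or the slave node does not pass the audit. */
int alloc_private_pty(char *path, size_t len)
{
    struct stat st;
    const char *name;
    int m = posix_openpt(O_RDWR | O_NOCTTY);

    if (m < 0)
        return -1;
    if (grantpt(m) == 0 && unlockpt(m) == 0 && (name = ptsname(m)) != NULL &&
        strlen(name) < len && stat(name, &st) == 0 &&
        slave_is_private(&st, getuid())) {
        strcpy(path, name);
        return m;
    }
    close(m);
    return -1;
}

int main(void)
{
    char path[128];
    int m = alloc_private_pty(path, sizeof path);
    if (m < 0) { fprintf(stderr, "pty allocation or audit failed\n"); return 1; }
    printf("uid %ld got %s without chown/chmod\n", (long)getuid(), path);
    return close(m);
}
```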