BSD tty security - an example

john.urban urban at cbnewsl.att.com
Fri May 10 04:29:41 AEST 1991


In article <15678 at life.ai.mit.edu> fidelio at geech.gnu.ai.mit.edu (Rob J. Nauta) writes:
>Here's a small program I wrote a while back. It speaks for itself,
>compile it, run it in the background (with &) and sit back.
>This program is an official release of the TimeWasters from HOLLAND !
>
>---
>        close(0);               /* close stdin */
>#ifdef ULTRIX
>	if(setpgrp(0,100)==-1)
>		perror("setpgrp:");     /* Hopefully this works */
>#else
>	if(setsid()==-1)
>		perror("setsid:"); /* Disconnect from our controlling TTY and
>                                   start a new session as sessionleader */
>#endif
>        f=fopen(term,"r");      /* Open tty as a stream, this guarantees
>                                           getting file descriptor 0 */
>        if (f==NULL)
>        {       printf("Error opening %s with fopen()\n",term);
>                exit(2);
>        }
>	if (DEBUG) system("ps -xu>>/dev/null &");
>        fclose(f);              /* Close the TTY again */
>        f=fopen("/dev/tty","r");        /* We can now use /dev/tty instead */
>        if (f==NULL)
>        {       printf("Error opening /dev/tty with fopen()\n",term);
>                exit(2);
>        }

This program does not exhibit the problem on AT&T UNIX System V/386 Release 4.0
Version 2.[01]. The fopen of "/dev/tty" fails because the setsid() passed
successfully.

In this small program:
	# cat T.c
	main()
	{
		setsid();
		fopen("/dev/tty", "r");
	}
	# make T
	cc -O T.c -o T
	# truss ./T

You'll see the fopen fails w/ ENXIO.  If the setsid() is removed, then the
fopen passes fine.


Sincerely,

John Ben Urban
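
The check described in the post above, written against the underlying system calls; this is an added example and not part of the original post. It forks first so that setsid() cannot fail with EPERM when the caller is already a process-group leader. The function name tty_open_errno_after_setsid is hypothetical, and ENXIO is the result the post reports; other systems may return something else.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Hypothetical helper: returns 0 if open("/dev/tty") succeeded in a fresh
 * session, the errno value if it failed, or -1 if the check could not run. */
int tty_open_errno_after_setsid(void)
{
    int pipefd[2], result = -1;
    pid_t pid;

    if (pipe(pipefd) == -1)
        return -1;
    if ((pid = fork()) == -1) {
        close(pipefd[0]);
        close(pipefd[1]);
        return -1;
    }
    if (pid == 0) {                       /* child: never a group leader */
        int err = -1, fd;
        close(pipefd[0]);
        if (setsid() != (pid_t)-1) {      /* new session, no controlling tty */
            fd = open("/dev/tty", O_RDONLY);
            err = (fd == -1) ? errno : 0;
            if (fd != -1)
                close(fd);
        }
        if (write(pipefd[1], &err, sizeof err) != (ssize_t)sizeof err)
            _exit(1);
        _exit(0);
    }
    close(pipefd[1]);                     /* parent: collect the child's result */
    if (read(pipefd[0], &result, sizeof result) != (ssize_t)sizeof result)
        result = -1;
    close(pipefd[0]);
    waitpid(pid, NULL, 0);
    return result;
}

int main(void)
{
    int r = tty_open_errno_after_setsid();
    if (r > 0)
        printf("open(\"/dev/tty\") after setsid() failed: %s\n", strerror(r));
    else
        printf(r == 0 ? "open succeeded\n" : "check could not run\n");
    return r == ENXIO ? 0 : 1;            /* exit 0 only on the reported result */
}
```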


