[Nix-dev] grantpt(), new file with setuid bit set, annoying consequences
Lluís Batlle
viriketo at gmail.com
Sat Jan 9 13:49:51 CET 2010
Hello,
The behaviour of the 'grantpt()' glibc call has changed in glibc 2.11.
This is used by 'screen' and X terminals to set the proper permissions
to /dev/pts/foo terminals. For example, these should get the group
'tty' for any 'mesg y' to work (talk, write, ...). Also shutdown
messages use 'write', I think.
In glibc previous to 2.11 there was a special clause for linux and the
special devpts filesystem:
/* If the slave pseudo terminal lives on a `devpts' filesystem, the
ownership and access permission are already set. */
if (fsbuf.f_type == DEVPTS_SUPER_MAGIC || fsbuf.f_type == DEVFS_SUPER_MAGIC)
return 0;
Now this code is not there anymore, and there is no special case for
linux, so this means that a chown is attempted to "useruid:tty" into
that /dev/pts/X file. This call will fail, and the behaviour of the
grantpt() call is to then call an external glibc program
(glibcpath/libexec/pt_chown), that must have the setuid bit set and be
root owned, and this will do the proper chown for the dev pts file.
These problems will not appear if the users calling grantpt() (users
of gnu screen, for example) belong in the tty group.
So, what do you propose?
1. In nixos, set pt_chown to the 'setuid' magic. This will make
nix-installed gnu screen or x terminals fail in non-nixos.
2. Remind the users that they should belong to the tty group to use
screen or x terminals
3. Something you think better and I have not written here.
About '2', I think users belonging to the tty group makes any of those
users being able to write to others' terminals, which may be not what
we want as a 'the nixos way'.
Regards,
Lluís.
More information about the nix-dev
mailing list