home *** CD-ROM | disk | FTP | other *** search
- From: urban@cbnewsl.att.com (john.urban)
- Newsgroups: alt.security,alt.sources,comp.unix.internals
- Subject: Re: BSD tty security - an example
- Message-ID: <1991May9.182941.16988@cbnewsl.att.com>
- Date: 9 May 91 18:29:41 GMT
-
- In article <15678@life.ai.mit.edu> fidelio@geech.gnu.ai.mit.edu (Rob J. Nauta) writes:
- >Here's a small program I wrote a while back. It speaks for itself,
- >compile it, run it in the background (with &) and sit back.
- >This program is an official release of the TimeWasters from HOLLAND !
- >
- >---
- > close(0); /* close stdin */
- >#ifdef ULTRIX
- > if(setpgrp(0,100)==-1)
- > perror("setpgrp:"); /* Hopefully this works */
- >#else
- > if(setsid()==-1)
- > perror("setsid:"); /* Disconnect from our controlling TTY and
- > start a new session as sessionleader */
- >#endif
- > f=fopen(term,"r"); /* Open tty as a stream, this guarantees
- > getting file descriptor 0 */
- > if (f==NULL)
- > { printf("Error opening %s with fopen()\n",term);
- > exit(2);
- > }
- > if (DEBUG) system("ps -xu>>/dev/null &");
- > fclose(f); /* Close the TTY again */
- > f=fopen("/dev/tty","r"); /* We can now use /dev/tty instead */
- > if (f==NULL)
- > { printf("Error opening /dev/tty with fopen()\n",term);
- > exit(2);
- > }
-
- This program does not exhibit the problem on AT&T UNIX System V/386 Release 4.0
- Version 2.[01]. The fopen of "/dev/tty" fails because the setsid() passed
- successfully.
-
- In this small program:
- # cat T.c
- main()
- {
- setsid();
- fopen("/dev/tty", "r");
- }
- # make T
- cc -O T.c -o T
- # truss ./T
-
- You'll see the fopen fails w/ ENXIO. If the setsid() is removed, then the
- fopen passes fine.
-
-
- Sincerely,
-
- John Ben Urban
-
