no, I see now, tru64 pty ownership wrong on entry to setup_sia, may need /usr/lbin/chgpt (WAS Re: Tru64 privsep patch testing)

Toni L. Harbaugh-Blackford harbaugh at nciaxp.ncifcrf.gov
Fri Aug 30 21:51:16 EST 2002


I put in some more debugging statements, and also looked at the terminal
ownership after I logged in via the tru64 patch.

When logged in via the patch, this is the ownership of *my* terminal:

     fchelp{harbaugh} [/users/primgr/harbaugh]
     103% tty
     /dev/pts/2
     fchelp{harbaugh} [/users/primgr/harbaugh]
     104% ls -la /dev/pts/2  
     crw-rw-rw-   2 root     system     6,  2 Aug 30 07:41 /dev/pts/2

When logged in 'normally', this is the ownership:

     fchelp{harbaugh} [/www/harbaugh/51A/20020829/openssh]
     125% tty
     /dev/pts/1
     fchelp{harbaugh} [/www/harbaugh/51A/20020829/openssh]
     126% ls -la /dev/pts/1
     crw--w----   2 harbaugh terminal   6,  1 Aug 30 07:42 /dev/pts/1

I know that Tru64 *itself* uses the setuid program /usr/lbin/chgpt to allow
ownership change of a terminal by a non-privileged process, but I can't find
my reference for how it is used.  Of course, it is undocumented.

Otherwise, a privileged process will have to change the ownership.

On Fri, 30 Aug 2002, Toni L. Harbaugh-Blackford wrote:

  > On Thu, 29 Aug 2002, David Potterveld wrote:
  > 
  >   > Hi Ben,
  >   > 
  >   > > I assume you are going against --current or a more recent snapshot.
  >   > 
  >   > Well, I was using 3.4p1. I just downloaded, patched, and built the
  >   > 20020826 snapshot. This does behave differently... I ran sshd interactively
  >   > (sshd -e -d -d -d) and tried to connect with a client. The privileged process
  >   > commits the same error as before. The difference is that now it doesn't
  >   > tear down the client session when it exits, and the client appears functional
  >   > (warning: not tested yet beyond simply getting a shell.)
  > 
  > Yes, I saw this too.
  > 
  >   > So it seems to me that
  >   > there is still something wrong in the logic: at this point, the privileged
  >   > process shouldn't be trying to launch another session on this tty, and it
  >   > just happens to work now because the unprivileged process is better isolated.
  > 
  > Could you help me follow the code here (I'm getting lost between the unprivileged
  > and privileged processes)?...
  > 
  > Where does the unprivileged process set up its session?  Does setup_sia()
  > get called twice (once in the privileged process and once in the
  > unprivileged process) or is a different (non SIA) method used by the
  > unprivileged process?
  > 
  > 
  > -----------------------------------------------------------------------
  > Toni Harbaugh-Blackford                     harbaugh at nciaxp.ncifcrf.gov
  > AlphaServer 8400 System Administrator
  > SAIC/NCI Frederick Advanced Biomedical Computing Center
  > 
  > _______________________________________________
  > openssh-unix-dev at mindrot.org mailing list
  > http://www.mindrot.org/mailman/listinfo/openssh-unix-dev
  > 

-----------------------------------------------------------------------
Toni Harbaugh-Blackford                     harbaugh at nciaxp.ncifcrf.gov
AlphaServer 8400 System Administrator
SAIC/NCI Frederick Advanced Biomedical Computing Center
