(*** This bug was imported into bugs.kde.org ***)
Package: konsole
Version: KDE 3.0.0
Severity: normal
Installed from: Unlisted Binary Package
Compiler: gcc version 2.95.3 20010315 (release) [FreeBSD]
OS: FreeBSD
OS/Compiler notes: Not Specified

Upgraded KDE-2.2.2 to KDE-3.0. While Konsole appears to work, the same CHOWN errors others reported are still appearing with KDE-3.0.

konsole_grantpty: cannot determine the name of device.
konsole: chownpty failed for device /dev/ptyp0::/dev/ttyp0.
       : This means the session can be eavesdroped.
       : Make sure konsole_grantpty is installed in
       : /usr/local/bin/ and setuid root.

freebsd2/ttyv1: ll /usr/local/bin/konsole*
-r-xr-xr-x  1 root  wheel  309344 Apr  2 19:06 /usr/local/bin/konsole
-rwsr-xr-x  1 root  wheel    5380 Apr  2 19:06 /usr/local/bin/konsole_grantpty
-r-xr-xr-x  1 root  wheel   19192 Apr  2 03:46 /usr/local/bin/konsolekalendar
freebsd2/ttyv1: ll /dev/ptyp0*
crw-rw-rw-  1 root  wheel    6,   0 May 22 21:46 /dev/ptyp0
freebsd2/ttyv1/jimd: ll /dev/ttyp0*
crw-r--r--  1 root  wheel    5,   0 May 22 21:46 /dev/ttyp0

(Submitted via bugs.kde.org)
I've spent a while tracking down the FreeBSD problem with chownpty and it seems that the problem is with the dup2() failing before spawning konsole_grantpty. (When dup2() fails you're just silently exiting rather than printing an error.)

I can't see any reason why this would fail (it's failing and setting errno to EBADF) and I even added some printf()s to my kernel code and the _only_ place where EBADF can be reported by the dup2 system call isn't being hit.

The file descriptor is definitely valid as I added a fcntl(fd, F_GETFD) right before the dup2() and the fcntl succeeds.

I wrote a testcase program to try and duplicate the error and was unable to reproduce the problem.

I'm also not convinced that there isn't a race condition even when chownpty does succeed (at least with the Linux/*BSD method of obtaining the pty devices) in the time between when the master device is opened and the time when the ownership/permissions are set.
On Thursday 29 August 2002 04:45 pm Michael Samuel wrote:
> I've spent a while tracking down the FreeBSD problem with chownpty and
> it seems that the problem is with the dup2() failing before spawning
> konsole_grantpty. (When dup2() fails you're just silently exiting
> rather than printing an error)
>
> I can't see any reason why this would fail (it's failing and setting
> errno to EBADF) and I even added some printf()s to my kernel code and
> the _only_ place where EBADF can be reported by the dup2 system call
> isn't being hit.
>
> The file descriptor is definitely valid as I added a fcntl(fd, F_GETFD)
> right before the dup2() and the fcntl succeeds.

Can it be that the problem is with PTY_FILENO? Does it matter if you add a close(PTY_FILENO) in front of it?

Cheers
Waldo
--
bastian@kde.org | SuSE Labs
KDE Developer | bastian@suse.com
Ok I figured it out.

The dup2() it's using is from libc_r which is the thread library on FreeBSD.

In the libc_r wrapper there's this code:

    /* Check if the file descriptor is out of range: */
    if (newfd < 0 || newfd >= _thread_dtablesize ||
        newfd == _thread_kern_pipe[0] || newfd == _thread_kern_pipe[1]) {
        /* Return a bad file descriptor error: */
        errno = EBADF;
        ret = -1;
    }

Any guesses what numbers are in _thread_kern_pipe[0] and _thread_kern_pipe[1] (which are set up shortly after setting up stdin, stdout and stderr)?

So when I changed PTY_FILENO to 15 it now works :)

Of course that doesn't fix the race condition still present on all systems. (What happens if somebody opens the tty device before we do the chown but after we open the pty master?)

--
Michael Samuel <michael@miknet.net>
On Thursday 29 August 2002 11:07 pm Michael Samuel wrote:
> Ok I figured it out.
>
> The dup2() it's using is from libc_r which is the thread library on
> FreeBSD.
>
> In the libc_r wrapper there's this code:
>
>     /* Check if the file descriptor is out of range: */
>     if (newfd < 0 || newfd >= _thread_dtablesize ||
>         newfd == _thread_kern_pipe[0] || newfd == _thread_kern_pipe[1]) {
>         /* Return a bad file descriptor error: */
>         errno = EBADF;
>         ret = -1;
>     }
>
> Any guesses what numbers are in _thread_kern_pipe[0] and
> _thread_kern_pipe[1] (which are set up shortly after setting up stdin,
> stdout and stderr)?
>
> So when I changed PTY_FILENO to 15 it now works :)

Remarkable.

> Of course that doesn't fix the race condition still present on all
> systems. (What happens if somebody opens the tty device before we do the
> chown but after we open the pty master?)

I have no idea how any of this is supposed to work.

Cheers
Waldo
--
bastian@kde.org | SuSE Labs
KDE Developer | bastian@suse.com
>> Of course that doesn't fix the race condition still present on all
>> systems. (What happens if somebody opens the tty device before we do
>> the chown but after we open the pty master?)
> I have no idea how any of this is supposed to work.

Well, in konsole_grantpty.c after the chown and chmod you simply do a revoke, then all's OK. (There's no man page for revoke in Debian but it's in unistd.h and FreeBSD has a man page entry.)

So right before the "return 0;" add this code block in:

    if (revoke(tty) < 0) {
        fprintf(stderr, "%s: cannot revoke %s.\n", argv[0], tty);
        perror("Reason");
        return 1; /* FAIL */
    }

Once you've done that you can just release a security advisory and all's OK :)

--
Michael Samuel <michael@miknet.net>
Oh yeah, now I remember what goes on. I fixed this problem, mostly, a while back. And promptly lost the patch.

The problem stems from the fact that FBSD processes have plenty of FDs open. So while 0,1,2 are stdin, stdout, stderr, as on Linux, FBSD KDE processes also have 3...12 (or so) open for all the pipes and streams and whatnot that they use. For example, my klipper has

    adridg kdeinit 198 3* pipe cb24d0e0 <-> cb24d040 0 rw

Apparently dup2()ing to 3 fails. (Strangely, this is a pipe to .. klipper. But FD 5, for example, is the DCOP stream.) So just changing the FILENO define to something else may work, but can just as easily break if the infrastructure fails. In addition, just making it a big number N runs the risk of having someone open gobs of konsole windows in one process and running into that number, dup2()ing onto itself and then having FD N stomped on with the next opened konsole window.

I think the right way to deal with this is to let go of FILENO as a constant and make it a variable initialized at runtime by open()ing /dev/null and using the returned FD as the grantpty control FD. This adds the complication that now you have to pass the control FD to grantpty, but that's not that hard.
Subject: Re: [Konsole-devel] chownpty failed for /dev/ptyp0::/dev/ttypp0 in KDE-3.0

On Monday 17 February 2003 15:26, Adriaan De Groot wrote:
> The problem stems from the fact that FBSD processes have plenty of FDs
> open. So while 0,1,2 are stdin, stdout, stderr, as on Linux, FBSD KDE
> processes also have 3...12 (or so) open for all the pipes and streams and
> whatnot that they use.

dup2 is supposed to close the file descriptor if it was still open. I was told that on FBSD fd 3 is some special sort of kernel communication pipe (?) and that it can't be closed for that reason. I changed it to 42 afterwards and I'm sure that Oswald has changed/will change it to something more flexible.

Cheers,
Waldo
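The two fixes proposed in this thread, the revoke() after chown/chmod from Michael Samuel's message and the control descriptor reserved at runtime from Adriaan De Groot's, put together as one added example. This is not konsole's or konsole_grantpty's code. It assumes a libc that declares revoke() in unistd.h (the BSDs do; glibc does under _GNU_SOURCE, but its revoke() only returns ENOSYS, which is the "Function not implemented" seen in the Mandrake report further down). The function and constant names are made up for the example, and in the demo a pipe end stands in for the pty master.

```c
#define _GNU_SOURCE          /* glibc: exposes revoke() and mkstemp(); BSD libcs declare them by default */
#include <errno.h>
#include <fcntl.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Result codes for grant_pty_slave() (names invented for this example). */
enum { GRANT_OK = 0, GRANT_CHOWN_FAILED = -1, GRANT_REVOKE_FAILED = 1 };

/* Reserve a control descriptor at runtime instead of hard-coding PTY_FILENO.
 * open() returns the lowest free number, so it cannot be one the runtime
 * already owns (libc_r's _thread_kern_pipe, kdeinit pipes, the DCOP stream),
 * and dup2() onto it cannot trip libc_r's EBADF check. Returns -1 on error. */
int reserve_control_fd(void)
{
    return open("/dev/null", O_RDWR | O_CLOEXEC);
}

/* Put the pty master on the reserved descriptor. dup2() atomically replaces
 * the /dev/null placeholder and clears FD_CLOEXEC, so the helper inherits it. */
int install_control_fd(int master, int ctl)
{
    if (master < 0 || ctl < 0 || master == ctl)
        return -1;                      /* dup2(fd, fd) would be a silent no-op */
    if (dup2(master, ctl) < 0) {
        perror("dup2");                 /* report it rather than exiting silently */
        return -1;
    }
    return ctl;
}

/* Parent side: render the descriptor number for the helper's argv. */
int format_fd_arg(int fd, char *buf, size_t len)
{
    int n = snprintf(buf, len, "%d", fd);
    return (n < 0 || (size_t)n >= len) ? -1 : n;
}

/* Helper side: parse the argv value and confirm the descriptor is really open
 * in this process before touching it. Returns the fd or -1. */
int parse_fd_arg(const char *arg)
{
    char *end;
    errno = 0;
    long v = strtol(arg, &end, 10);
    if (errno != 0 || end == arg || *end != '\0' || v < 0 || v > INT_MAX)
        return -1;
    if (fcntl((int)v, F_GETFD) < 0)
        return -1;                      /* EBADF: not an open descriptor here */
    return (int)v;
}

/* The grant sequence with the revoke() step. Between the master open and the
 * chmod the slave is still openable by anyone, so another process may already
 * hold a descriptor on it; revoke() invalidates every such descriptor, so only
 * opens made after this point see the session. A platform without revoke()
 * (Linux: ENOSYS) is reported as GRANT_REVOKE_FAILED, never as success. */
int grant_pty_slave(const char *tty, uid_t uid, gid_t gid)
{
    if (chown(tty, uid, gid) < 0)
        return GRANT_CHOWN_FAILED;
    if (chmod(tty, S_IRUSR | S_IWUSR | S_IWGRP) < 0)   /* owner rw, group w only */
        return GRANT_CHOWN_FAILED;
    if (revoke(tty) < 0) {
        fprintf(stderr, "cannot revoke %s: %s\n", tty, strerror(errno));
        return GRANT_REVOKE_FAILED;
    }
    return GRANT_OK;
}

/* Stand-alone demo: reserve a control fd, move a pipe end onto it (standing in
 * for the pty master) and round-trip the number through its argv form. */
int main(void)
{
    int p[2];
    char arg[16];
    int ctl = reserve_control_fd();
    if (ctl < 0 || pipe(p) < 0 || install_control_fd(p[0], ctl) < 0)
        return 1;
    if (format_fd_arg(ctl, arg, sizeof arg) < 0)
        return 1;
    printf("control fd %d passed as \"%s\", parsed back as %d\n",
           ctl, arg, parse_fd_arg(arg));
    return 0;
}
```

Note the ordering: the helper must be told the descriptor number explicitly (here via argv) because nothing about it is fixed any more, and the helper validates that number with fcntl(F_GETFD) before use, the same check Michael used to prove the descriptor was valid before the libc_r wrapper rejected it.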
I have a similar problem with kde-3.1.2 on Linux Mandrake 9 compiled on my machine. If a non-root user starts konsole the following error occurs. I have read that it may be related to kdm also not working for non-root users on my machine.

    [dnw@capulet schily]$ konsole
    Loading required GL library /usr/X11R6/lib/libGL.so.1.2
    ptsname: No such file or directory
    konsole_grantpty: cannot revoke /dev/ttypa.
    Reason: Function not implemented
    konsole: chownpty failed for device /dev/ptypa::/dev/ttypa.
           : This means the session can be eavesdroped.
           : Make sure konsole_grantpty is installed in
           : /usr/bin/ and setuid root.
    undecodable token: \001b(hex)[36l
In CVS HEAD (KDE 3.2) (probably 3.1.4 as well, I forget when I fixed this), as long as konsole_grantpty (kgrantpty in HEAD) is setuid root, you don't get the warning message anymore. You may have trouble opening konsole sessions though, since sometimes it only lets every other attempt through - rather odd, but that's a separate bug (for someone else to file).
I have compiled kde 3.1.5 using the konstruct script and I get the same "chownpty failed" error message. Setuid root konsole_grantpty does not help.