Bug 42986 - chownpty failed for /dev/ptyp0::/dev/ttypp0 in KDE-3.0
Status: RESOLVED FIXED
Alias: None
Product: konsole
Classification: Applications
Component: general
Version: unspecified
Platform: unspecified FreeBSD
Importance: NOR normal
Target Milestone: ---
Assignee: Konsole Developer
Reported: 2002-05-23 07:18 UTC by jimd
Modified: 2004-02-09 06:47 UTC

Description jimd 2002-05-23 07:16:22 UTC
(*** This bug was imported into bugs.kde.org ***)

Package:           konsole
Version:           KDE 3.0.0 
Severity:          normal
Installed from:    Unlisted Binary Package
Compiler:          gcc version 2.95.3 20010315 (release) [FreeBSD]
OS:                FreeBSD
OS/Compiler notes: Not Specified

Upgraded KDE-2.2.2 to KDE-3.0. While Konsole appears to work, the same CHOWN errors others reported are still appearing with KDE-3.0.

konsole_grantpty: cannot determine the name of device.
konsole: chownpty failed for device /dev/ptyp0::/dev/ttyp0.
: This means the session can be eavesdroped.
: Make sure konsole_grantpty is installed in
: /usr/local/bin/ and setuid root.


freebsd2/ttyv1: ll /usr/local/bin/konsole*
-r-xr-xr-x  1 root  wheel  309344 Apr  2 19:06 /usr/local/bin/konsole
-rwsr-xr-x  1 root  wheel    5380 Apr  2 19:06 /usr/local/bin/konsole_grantpty
-r-xr-xr-x  1 root  wheel   19192 Apr  2 03:46 /usr/local/bin/konsolekalendar

freebsd2/ttyv1: ll /dev/ptyp0*
crw-rw-rw-  1 root  wheel    6   0 May 22 21:46 /dev/ptyp0
freebsd2/ttyv1/jimd: ll /dev/ttyp0*
crw-r--r--  1 root  wheel    5   0 May 22 21:46 /dev/ttyp0


(Submitted via bugs.kde.org)
Comment 1 Bugzilla Maintainers 2002-08-29 23:45:44 UTC
I've spent a while tracking down the FreeBSD problem with chownpty and
it seems that the problem is with the dup2() failing before spawning
konsole_grantpty. (When dup2() fails you're just silently exiting
rather than printing an error)

I can't see any reason why this would fail (it's failing and setting
errno to EBADF) and I even added some printf()s to my kernel code and
the _only_ place where EBADF can be reported by the dup2 system call
isn't being hit.

The file descriptor is definitely valid as I added a fcntl(fd, F_GETFD)
right before the dup2() and the fcntl succeeds.

I wrote a testcase program to try and duplicate the error and was
unable to reproduce the problem.

I'm also not convinced that there isn't a race condition even when
chownpty does succeed (at least with the Linux/*BSD method of obtaining
the pty devices) in the time between when the master device is opened
and the time when the ownership/permissions are set.
Comment 2 Waldo Bastian 2002-08-30 00:30:11 UTC
On Thursday 29 August 2002 04:45 pm Michael Samuel wrote:
> I've spent a while tracking down the FreeBSD problem with chownpty and
> it seems that the problem is with the dup2() failing before spawning
> konsole_grantpty. (When dup2() fails you're just silently exiting
> rather than printing an error)
>
> I can't see any reason why this would fail (it's failing and setting
> errno to EBADF) and I even added some printf()s to my kernel code and
> the _only_ place where EBADF can be reported by the dup2 system call
> isn't being hit.
>
> The file descriptor is definitely valid as I added a fcntl(fd, F_GETFD)
> right before the dup2() and the fcntl succeeds.

Can it be that the problem is with PTY_FILENO? Does it matter if you add a
close(PTY_FILENO) in front of it?

Cheers
Waldo
-- 
bastian@kde.org  |   SuSE Labs KDE Developer  |  bastian@suse.com
Comment 3 Bugzilla Maintainers 2002-08-30 06:07:28 UTC
Ok I figured it out.

The dup2() it's using is from libc_r which is the thread library on
FreeBSD.

In the libc_r wrapper there's this code:

        /* Check if the file descriptor is out of range: */
        if (newfd < 0 || newfd >= _thread_dtablesize ||
            newfd == _thread_kern_pipe[0] || newfd == _thread_kern_pipe[1]) {
                /* Return a bad file descriptor error: */
                errno = EBADF;
                ret = -1;
        }

Any guesses what numbers are in _thread_kern_pipe[0] and
_thread_kern_pipe[1] (which are set up shortly after setting up stdin,
stdout and stderr)?

So when I changed PTY_FILENO to 15 it now works :)

Of course that doesn't fix the race condition still present on all
systems. (what happens if somebody opens the tty device before we do the
chown but after we open the pty master?)

-- 
Michael Samuel <michael@miknet.net>
Comment 4 Waldo Bastian 2002-09-01 06:18:20 UTC
On Thursday 29 August 2002 11:07 pm Michael Samuel wrote:
> Ok I figured it out.
>
> The dup2() it's using is from libc_r which is the thread library on
> FreeBSD.
>
> In the libc_r wrapper there's this code:
>
>         /* Check if the file descriptor is out of range: */
>         if (newfd < 0 || newfd >= _thread_dtablesize ||
>             newfd == _thread_kern_pipe[0] || newfd == _thread_kern_pipe[1]) {
>                 /* Return a bad file descriptor error: */
>                 errno = EBADF;
>                 ret = -1;
>         }
>
> Any guesses what numbers are in _thread_kern_pipe[0] and
> _thread_kern_pipe[1] (which are set up shortly after setting up stdin,
> stdout and stderr)?
>
> So when I changed PTY_FILENO to 15 it now works :)

Remarkable.

> Of course that doesn't fix the race condition still present on all
> systems. (what happens if somebody opens the tty device before we do the
> chown but after we open the pty master?)

I have no idea how any of this is supposed to work.

Cheers
Waldo
-- 
bastian@kde.org  |   SuSE Labs KDE Developer  |  bastian@suse.com
Comment 5 Bugzilla Maintainers 2002-09-02 00:40:56 UTC
>> Of course that doesn't fix the race condition still present on all
>> systems. (what happens if somebody opens the tty device before we do the
>> chown but after we open the pty master?)

>I have no idea how any of this is supposed to work.

Well in konsole_grantpty.c after the chown and chmod you simply do
a revoke then all's OK. (There's no man page for revoke in Debian
but it's in unistd.h and FreeBSD has a man page entry)

So right before the "return 0;" add this code block in:

  /* Invalidate any descriptors already open on the tty */
  if (revoke(tty) < 0)
  {
    fprintf(stderr, "%s: cannot revoke %s.\n", argv[0], tty);
    perror("Reason");
    return 1; /* FAIL */
  }

Once you've done that you can just release a security advisory and
all's OK :)

-- 
Michael Samuel <michael@miknet.net>
Comment 6 groot 2003-02-17 15:26:43 UTC
O yeah, now I remember what goes on. I fixed this problem, mostly, a while back. And 
promptly lost the patch. 
 
The problem stems from the fact that FBSD processes have plenty of FDs open. So 
while 0,1,2 are stdin, stdout, stderr, as on Linux, FBSD KDE processes also have 3...12 
(or so) open for all the pipes and streams and whatnot that they use.  For example, my 
klipper has 
 
adridg   kdeinit      198    3* pipe cb24d0e0 <-> cb24d040      0 rw 
 
Apparently dup2()ing to 3 fails. (Strangely, this is a pipe to .. klipper. But FD 5, for 
example, is the DCOP stream.) So just changing the FILENO define to something else 
may work, but can just as easily break if the infrastructure fails. In addition, just making 
it a big number N runs the risk of having someone open gobs of konsole windows in 
one process and running into that number, dup2()ing onto itself and then having FD N 
stomped on with the next opened konsole window. 
 
I think the right way to deal with this is to let go of FILENO as a constant and make it a
variable initialized at runtime by open()ing /dev/null and using the returned FD as
grantpty control FD. This adds the complication that now you have to pass the control
FD to grantpty, but that's not that hard.
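
The runtime-chosen control descriptor proposed in comment 6, as an added C example that is not konsole's code and not written by any commenter. `dup_to_free_slot` is a hypothetical name, and a pipe is used as a constructed stand-in for the pty master.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/*
 * Hypothetical helper (not from konsole): duplicate master_fd onto a
 * descriptor number chosen at runtime instead of a compile-time constant.
 *
 * open("/dev/null") returns the lowest number that is free right now, so
 * the dup2() below only ever replaces our own placeholder. It cannot land
 * on a descriptor the thread library or another part of the process owns,
 * and it cannot collide with a second session in the same process.
 * Returns the control descriptor, or -1 with errno set and a message on
 * stderr (no silent exit when dup2() fails).
 */
int dup_to_free_slot(int master_fd)
{
    int slot = open("/dev/null", O_RDWR);
    if (slot < 0) {
        fprintf(stderr, "open(/dev/null): %s\n", strerror(errno));
        return -1;
    }
    if (dup2(master_fd, slot) < 0) {
        int saved = errno;
        fprintf(stderr, "dup2(%d, %d): %s\n", master_fd, slot, strerror(saved));
        close(slot);            /* do not leak the placeholder */
        errno = saved;
        return -1;
    }
    return slot;
}

int main(void)
{
    int p[2];                   /* constructed stand-in for the pty master */
    char arg[16];

    if (pipe(p) < 0)
        return 1;
    int ctl = dup_to_free_slot(p[0]);
    if (ctl < 0)
        return 1;
    /* The number is no longer fixed, so the helper has to be told it. */
    snprintf(arg, sizeof arg, "%d", ctl);
    printf("control fd for helper: %s\n", arg);
    return 0;
}
```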
Comment 7 Waldo Bastian 2003-02-17 23:08:46 UTC
Subject: Re: [Konsole-devel]  chownpty failed for /dev/ptyp0::/dev/ttypp0 in KDE-3.0

On Monday 17 February 2003 15:26, Adriaan De Groot wrote:
> The problem stems from the fact that FBSD processes have plenty of FDs
> open. So while 0,1,2 are stdin, stdout, stderr, as on Linux, FBSD KDE
> processes also have 3...12 (or so) open for all the pipes and streams and
> whatnot that they use.

dup2 is supposed to close the file descriptor if it was still open. I was told 
that on FBSD fd 3 is some special sort of kernel communication pipe (?) and 
that it can't be closed for that reason. I changed it to 42 afterwards and 
I'm sure that Oswald has changed/will change it to something more flexible.

Cheers,
Waldo
Comment 8 david wilson 2003-05-29 09:22:08 UTC
I have a similar problem with kde-3.1.2 on linux mandrake 9 compiled on my machine.
If a non-root user starts konsole the following error occurs. I have read that it may be related
to kdm also not working for non-root users on my machine.
 
 
[dnw@capulet schily]$ konsole 
Loading required GL library /usr/X11R6/lib/libGL.so.1.2 
ptsname: No such file or directory 
konsole_grantpty: cannot revoke /dev/ttypa. 
Reason: Function not implemented 
konsole: chownpty failed for device /dev/ptypa::/dev/ttypa. 
       : This means the session can be eavesdroped. 
       : Make sure konsole_grantpty is installed in 
       : /usr/bin/ and setuid root. 
undecodable token: \001b(hex)[36l 
 
Comment 9 groot 2003-12-30 18:15:10 UTC
In CVS HEAD (KDE 3.2) (probably 3.1.4 as well, I forget when I fixed this), as long as konsole_grantpty (kgrantpty in HEAD) is setuid root, you don't get the warning message anymore. You may have trouble opening konsole sessions though, since sometimes it only lets every other attempt through - rather odd, but that's a separate bug (for someone else to file).
Comment 10 mas 2004-02-09 06:47:26 UTC
I have compiled kde 3.1.5 using the konstruct script and I get the same "chownpty failed" error message. Setuid root konsole_grantpty does not help.