From 35a0a88fdad3cf7c7fd4e06c03fda85e3a14e3ca Mon Sep 17 00:00:00 2001 From: Robert Watson Date: Wed, 9 Feb 2000 03:32:11 +0000 Subject: [PATCH] Correct an oversight in jail() that allowed processes in jail to access ptys in ways that might be unethical, especially towards processes not in jail, or in other jails. Submitted by: phk Reviewed by: rwatson Approved by: jkh --- sys/kern/tty_pty.c | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/sys/kern/tty_pty.c b/sys/kern/tty_pty.c index 539ee0bf6541..14269c131616 100644 --- a/sys/kern/tty_pty.c +++ b/sys/kern/tty_pty.c @@ -118,6 +118,7 @@ struct pt_ioctl { u_char pt_ucntl; struct tty pt_tty; dev_t devs, devc; + struct prison *pt_prison; }; #define PF_PKT 0x08 /* packet mode */ @@ -170,6 +171,7 @@ ptsopen(dev, flag, devtype, p) int error; int minr; dev_t nextdev; + struct pt_ioctl *pti; /* * XXX: Gross hack for DEVFS: @@ -187,6 +189,7 @@ ptsopen(dev, flag, devtype, p) ptyinit(minor(dev)); if (!dev->si_drv1) return(ENXIO); + pti = dev->si_drv1; tp = dev->si_tty; if ((tp->t_state & TS_ISOPEN) == 0) { ttychars(tp); /* Set up default chars */ @@ -195,8 +198,11 @@ ptsopen(dev, flag, devtype, p) tp->t_lflag = TTYDEF_LFLAG; tp->t_cflag = TTYDEF_CFLAG; tp->t_ispeed = tp->t_ospeed = TTYDEF_SPEED; - } else if (tp->t_state & TS_XCLUDE && suser(p)) + } else if (tp->t_state & TS_XCLUDE && suser(p)) { return (EBUSY); + } else if (pti->pt_prison != p->p_prison) { + return (EBUSY); + } if (tp->t_oproc) /* Ctrlr still around. */ (void)(*linesw[tp->t_line].l_modem)(tp, 1); while ((tp->t_state & TS_CARR_ON) == 0) { @@ -354,6 +360,7 @@ ptcopen(dev, flag, devtype, p) (void)(*linesw[tp->t_line].l_modem)(tp, 1); tp->t_lflag &= ~EXTPROC; pti = dev->si_drv1; + pti->pt_prison = p->p_prison; pti->pt_flags = 0; pti->pt_send = 0; pti->pt_ucntl = 0;