Correct an oversight in jail() that allowed processes in jail to access

ptys in ways that might be unethical, especially towards processes not in jail, or in other jails. Submitted by: phk Reviewed by: rwatson Approved by: jkh
svn path=/head/; revision=57070
2024-12-03 19:08:58 +00:00 · 2000-02-09 03:32:11 +00:00 · 2000-02-09 03:32:11 +00:00 · 35a0a88fda · 2020-12-20 02:59:44 +00:00
commit 35a0a88fda
parent 0db018f059
1 changed files with 8 additions and 1 deletions
--- a/sys/kern/tty_pty.c
+++ b/sys/kern/tty_pty.c
@ -118,6 +118,7 @@ struct	pt_ioctl {
 	u_char	pt_ucntl;
 	struct tty pt_tty;
 	dev_t	devs, devc;
+	struct	prison *pt_prison;
 };

 #define	PF_PKT		0x08		/* packet mode */
@ -170,6 +171,7 @@ ptsopen(dev, flag, devtype, p)
 	int error;
 	int minr;
 	dev_t nextdev;
+	struct pt_ioctl *pti;

 	/*
 	 * XXX: Gross hack for DEVFS:
@ -187,6 +189,7 @@ ptsopen(dev, flag, devtype, p)
 		ptyinit(minor(dev));
 	if (!dev->si_drv1)
 		return(ENXIO);	
+	pti = dev->si_drv1;
 	tp = dev->si_tty;
 	if ((tp->t_state & TS_ISOPEN) == 0) {
 		ttychars(tp);		/* Set up default chars */
@ -195,8 +198,11 @@ ptsopen(dev, flag, devtype, p)
 		tp->t_lflag = TTYDEF_LFLAG;
 		tp->t_cflag = TTYDEF_CFLAG;
 		tp->t_ispeed = tp->t_ospeed = TTYDEF_SPEED;
-	} else if (tp->t_state & TS_XCLUDE && suser(p))
+	} else if (tp->t_state & TS_XCLUDE && suser(p)) {
 		return (EBUSY);
+	} else if (pti->pt_prison != p->p_prison) {
+		return (EBUSY);
+	}
 	if (tp->t_oproc)			/* Ctrlr still around. */
 		(void)(*linesw[tp->t_line].l_modem)(tp, 1);
 	while ((tp->t_state & TS_CARR_ON) == 0) {
@ -354,6 +360,7 @@ ptcopen(dev, flag, devtype, p)
 	(void)(*linesw[tp->t_line].l_modem)(tp, 1);
 	tp->t_lflag &= ~EXTPROC;
 	pti = dev->si_drv1;
+	pti->pt_prison = p->p_prison;
 	pti->pt_flags = 0;
 	pti->pt_send = 0;
 	pti->pt_ucntl = 0;