Re: [PATCH 01/13] devpts: Teach /dev/ptmx to find the associated devpts via path lookup
From: Linus Torvalds
Date: Mon Apr 11 2016 - 20:01:53 EST
On Mon, Apr 11, 2016 at 4:37 PM, Eric W. Biederman
<ebiederm@xxxxxxxxxxxx> wrote:
>
> My practical concern if we worked through the implementation details
> would be how would it interact with people who bind mount /dev/pts/ptmx
> on top of /dev/ptmx. We might get some strange new errors.
Yes, please don't let's play "clever" games. The semantics should be
fairly straightforward.
I still don't understand why people think that you shouldn't be able
to access a 'pts' subsystem that is accessible to others. If you can
bind-mount the pts directory somewhere, then you can damn well already
see that pts mount, claiming that somehow it should be sacred ground
and you shouldn't be able to access it with a ptmx node outside of it
is just insane.
So people have been bringing that up as an issue, but nobody has ever
actually been able to articulate why anybody should ever care.
Now people are just making up random odd semantics. Nobody has ever
explained why the _simple_ "ptmx binds to the pts directory next to
it" is actually problem. Even for a bind mount, you have to be able to
open the point you're mounting, so we know that the "attacker" already
had access to the pts subdirectory.
If somebody wants to keep the pts mount private, they should damn well
keep it _private_. I don't understand peoples "oh, you can access it
but you can't access it".excuses.
Linus