Re: PTY feature? or bug?

Raul Miller (rdm@tad.micro.umn.edu)
26 Apr 1996 18:11:20 GMT


Alexey Kuznetsov:
> I've just made exciting experiment.
>
> ttyp0 is not allocated.
>
> I start cat /dev/ttyp0
> It is running (or sleeps after my fix).
>
> Then I start emacs and make M-x shell.
> It is funny: all the input goes to cat!
> (Unfortunately, emacs is not allowed to make vhangup)

Theodore Ts'o:
> This is a bug in emacs and in script; they both allocate pty's
> insecurely. I think this problem has been brought up before on
> various emacs lists, but remember RMS's MIT AI-lab heritage; he
> doesn't really care about security (he tells everyone his password
> is "rms" --- why should he worry about security?).

I think it's a bad idea to take a perfectly reasonable technical
discussion and turn it into a discussion of someone else's
personality. [Particularly when that person is not taking part of the
discussion.] That would be a good way to start people fighting, but
not a good way of resolving the technical issues.

This is a bug in emacs if the current behavior has some reasonable
use or is part of some standard. This is a bug in the kernel if
there's no reason for the current behavior.

If this is a bug in emacs, it should be reported as an emacs bug.
[Race condition between emacs and whatever this reasonable use is. Or
violation of whatever relevant standard.]

If this is a kernel bug, this is a reasonable topic for this list.

> Bottom line? For right now, we're following BSD. If we want to
> make changes to plug some security holes, let's plug *all* of the
> security holes, which will probably mean redesigning how all
> applications obtain their pseudo-ttys.

I emphatically agree with this.

I'd also like to recommend that if we continue to follow BSD that
someone excerpt Ted's comments on how to do this right as a pty
mini-howto, and send a copy to the maintainers of programs like emacs,
script and term.

Better yet, the helper program should get a decent name
(say, /usr/bin/allocpty) and be made a part of all standard linux
systems. [If it's the right answer, that is.]

-- 
Raul