Subject: Re: pcvt and TIOCCONS
To: None <perry@piermont.com>
From: Gordon W. Ross <gwr@mc.com>
List: current-users
Date: 04/11/1996 11:59:14
> Date: Wed, 10 Apr 1996 17:45:57 -0400
> From: "Perry E. Metzger" <perry@piermont.com>
> David Carrel writes:
> > Works fine for me. Make sure you have read access to /dev/console. (You
> > might need write access too. It's been a while since I set this up.)
> > Under pcvt, you will log in on /dev/ttyv0 and only that will get chowned to
> > you.
>
> Ah, that totally explains the problem -- no access to /dev/console
> because it isn't the login tty.
>
> Anyone have any ideas how this should be done "right" if you are using
> pcvt? The problem is that you don't want to just change the
> permissions permanently on /dev/console; you want them to remain the
> same as the permissions on /dev/ttyv0. Under pccons this isn't an
> issue...
>
> Perry
This is another manifestation of the "related devices" problem.
When one logs in on the "workstation" device i.e. /dev/ttyv0 on
the PC, or /dev/kd (keyboard/display) on the Sun3, getty will
set the login tty ownership to the login UID, but there are
related devices that also need their ownership set. Examples:
Sun3:
ownership of /dev/kd implies ownership of:
/dev/fb (the frame-buffer device)
/dev/kbd (raw keyboard interface for X)
/dev/mouse (obviously)
PC:
ownership of /dev/ttyv0 implies ownership of
/dev/mouse, ...
For both machines, if the login device is also where /dev/console
points, then /dev/console could be treated as a "related device"
also, but I'm not sure that is correct from a security standpoint.
CGD suggested that we implement something like the /etc/fbtab
feature from SunOS (but with more generality). Here is how it
might work. The file /etc/ttygroup (or whatever name you like)
would contain the following fields:
login_tty modes related_device #comments
Sample contents of this file for the Sun3 would be:
/dev/kd 0600 /dev/kbd
/dev/kd 0600 /dev/mouse
/dev/kd 0620 /dev/fb
/dev/kd 0620 /dev/bwtwo0
/dev/kd 0620 /dev/bwtwo1
/dev/kd 0620 /dev/cgtwo0
/dev/kd 0620 /dev/cgthree0
/dev/kd 0620 /dev/cgfour0
/dev/kd 0622 /dev/console #ONLY if console is on "kd"
The above file would be processed by login and getty as follows:
When login authenticates user $UID and has done a chown of the
login tty, it then scans the /etc/ttygroup file for lines with
a matching $login_tty field. For each match, it should do
chown and chmod calls equivalent to:
chown $UID $related_device
chmod $modes $related_device
Similarly, after a logout, when getty is started on a tty line,
it will scan /etc/ttygroup for lines matching the login_tty and will
do chown and chmod calls equivalent to:
chmod 0600 $related_device
chown root $related_device
(Maybe a revoke(2) call as well?)
So, that's how I think it should work. Does this sound OK?
Are there any volunteers to make login and getty do this?
Gordon
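The /etc/ttygroup processing described in the message above, as an added C example that is not part of the original post: it parses the proposed "login_tty modes related_device #comment" format, strips trailing comments, rejects non-octal modes, and prints the chown/chmod pairs login would apply and getty would undo. The file contents, the uid 1001 and the 16-entry table are constructed assumptions; nothing is actually changed on any device.

```c
/* Added example, not code from the original post: parse the proposed
 * /etc/ttygroup format and show what login(1)/getty(8) would change. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
struct ttygroup_entry { char login_tty[64]; int modes; char related[64]; };
/* Constructed sample: Sun3 lines from the post plus one malformed line
 * whose mode "0699" is not octal and must be rejected. */
static const char sample_ttygroup[] =
    "# login_tty modes related_device\n"
    "/dev/kd 0600 /dev/kbd\n"
    "/dev/kd 0600 /dev/mouse\n"
    "/dev/kd 0620 /dev/fb\n"
    "/dev/kd 0699 /dev/bad\n"
    "/dev/kd 0622 /dev/console #ONLY if console is on \"kd\"\n";
static struct ttygroup_entry found[16];   /* constructed result table */
/* Store every well-formed entry whose login_tty matches; return the count. */
int ttygroup_lookup(const char *text, const char *login_tty,
                    struct ttygroup_entry *out, int max)
{
    int n = 0;
    while (*text != '\0' && n < max) {
        char line[256], tty[64], mode[16], dev[64], *end;
        size_t full = strcspn(text, "\n");          /* length of this line */
        size_t len = full < sizeof line ? full : sizeof line - 1;
        memcpy(line, text, len);
        line[len] = '\0';
        text += full + (text[full] == '\n');        /* advance past the line */
        if ((end = strchr(line, '#')) != NULL)
            *end = '\0';                            /* drop trailing comment */
        if (sscanf(line, "%63s %15s %63s", tty, mode, dev) != 3)
            continue;                               /* blank or malformed */
        long m = strtol(mode, &end, 8);             /* modes field is octal */
        if (strcmp(tty, login_tty) != 0 || *end != '\0' || m < 0 || m > 07777)
            continue;                               /* other tty, or bad mode */
        strcpy(out[n].login_tty, tty);
        out[n].modes = (int)m;
        strcpy(out[n].related, dev);
        n++;
    }
    return n;
}
int main(void)
{
    int n = ttygroup_lookup(sample_ttygroup, "/dev/kd", found, 16);
    for (int i = 0; i < n; i++) {   /* uid 1001 is a constructed login UID */
        printf("login:  chown 1001 %s; chmod %04o %s\n", found[i].related, found[i].modes, found[i].related);
        printf("logout: chmod 0600 %s; chown root %s; revoke(2)\n", found[i].related, found[i].related);
    }
    return 0;
}
```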