tech-userlevel archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: openpty: limits for name

On Thu, Jul 12, 2012 at 12:13:18PM +0200, Thomas Klausner wrote:
 > A Linux man page I found for openpty says:
 >        Nobody knows how much space should be reserved for name. So,
 >        calling openpty() or forkpty() with non-NULL name may not be secure.
 > Our man page is silent on that.
 > The code in libutil/pty.c just does:
 >  if (name)
 >     (void)strcpy(name, linep);
 > I wonder if we (can and) want to promise a limit in the man page, or
 > just add a comment like the one in the Linux man page.

Well, "nobody knows how much space to use" is a long form of "do not
use this interface", so unless we want to join the Linux world in
deprecating these calls in favor of open-coding the logic and calling
grantpt(), it should be defined and documented.

it is probably also worth getting the change into all the BSDs.

David A. Holland

Home | Main Index | Thread Index | Old Index