Re: bin/38175: comsat misunderstands NetBSD 4.0 ptyfs PTY names

To: gnats-bugs%NetBSD.org@localhost
Subject: Re: bin/38175: comsat misunderstands NetBSD 4.0 ptyfs PTY names
From: Ed Ravin <eravin%panix.com@localhost>
Date: Wed, 5 Mar 2008 13:51:41 -0500

On Wed, Mar 05, 2008 at 06:05:04PM +0000, David Holland wrote:
> The following reply was made to PR bin/38175; it has been noted by GNATS.
> 
> From: David Holland <dholland-bugs%netbsd.org@localhost>
> To: gnats-bugs%NetBSD.org@localhost
> Cc: gnats-admin%netbsd.org@localhost, netbsd-bugs%netbsd.org@localhost
> Subject: Re: bin/38175: comsat misunderstands NetBSD 4.0 ptyfs PTY names
> Date: Wed, 5 Mar 2008 18:04:00 +0000
> 
>  On Wed, Mar 05, 2008 at 03:40:02PM +0000, eravin%panix.com@localhost wrote:
>   > We get these messages in syslog instead of successful notifications:
>   > 
>   > Mar  5 08:40:39 logsources@panix5/166.84.1.5 comsat[12662]: '/' in 
> "/dev/pts/51"
>   > 
>   > I believe this is the code at fault in comsat.c:
>   > 
>   >     248     if (strncmp(cr, "pts/", 4) == 0)
>   >     249         cr += 4;
>   >     250     if (strchr(cr, '/')) {
>   >     251         /* A slash is an attempt to break security... */
>   >     252         syslog(LOG_AUTH | LOG_NOTICE, "Unexpected `/' in `%s'",
>   >     253             ep->line);
>   >     254         return;
>   >     255     }
>  
>  Well, yes and no. The problem looks to be that the utmp file has
>  "/dev/pts/51" in it (in the ut_line field) instead of just "pts/51",
>  which is what would normally be expected.
>  
>  What do you see as the tty names when you run /usr/bin/who? And what
>  program are you using to "log in" on these ttys that leaves it set
>  this way? (sshd? xterm? kterm? gnome_terminal? ...?)

See below.  Original user's name and IP are obfuscated.

pstree says:
-+= 00000 root [swapper]
 \-+= 00001 root init
   \-+= 14705 root /usr/sbin/sshd -u0
     \-+= 14546 root sshd: USER [priv]
       \-+- 24108 USER sshd: USER@pts/51 (sshd)

/usr/bin/who says:
USER       pts/51   Mar  5 08:16  (10.100.10.10)

/usr/bin/last says:

$ last -f /var/run/utmp -t pts/51
USER        pts/51   10.l00.10.10     Wed Mar 05 08:16   still logged in

$ last -f /var/run/utmpx -t pts/51
USER        pts/51   10.100.10.10     Wed Mar 05 08:16 - 16:58  (08:42)

/usr/bin/sshd is the stock NetBSD 4.0 sshd.

Here's a hexdump of /var/run/utmpx:

0009c00   U   S   E   R  \0  \0  \0  \0  \0  \0  \0  \0  \0  \0  \0  \0
0009c10  \0  \0  \0  \0  \0  \0  \0  \0  \0  \0  \0  \0  \0  \0  \0  \0
0009c20   s   /   5   1   p   t   s   /   5   1  \0  \0  \0  \0  \0  \0
0009c30  \0  \0  \0  \0  \0  \0  \0  \0  \0  \0  \0  \0  \0  \0  \0  \0
0009c40  \0  \0  \0  \0   1   0   .   1   0   0   .   1   0   .   1   0
0009c50  \0  \0  \0  \0  \0  \0  \0  \0  \0  \0  \0  \0  \0  \0  \0  \0

hexdump of /var/run/utmp similiarly does not show any presence of the
string "dev" and especially not "/dev". 

Anywhere else I should look?

Follow-Ups:
- Re: bin/38175: comsat misunderstands NetBSD 4.0 ptyfs PTY names
  - From: Christos Zoulas

References:
- Re: bin/38175: comsat misunderstands NetBSD 4.0 ptyfs PTY names
  - From: David Holland

Prev by Date: Re: kern/38123 (mount_smbfs crashes kernel)
Next by Date: Re: bin/38175: comsat misunderstands NetBSD 4.0 ptyfs PTY names
Previous by Thread: Re: bin/38175: comsat misunderstands NetBSD 4.0 ptyfs PTY names
Next by Thread: Re: bin/38175: comsat misunderstands NetBSD 4.0 ptyfs PTY names
Indexes:

Home | Main Index | Thread Index | Old Index