pkgsrc-Bugs archive


Re: pkg/56936: posix_openpt(O_RDWR | O_NOCTTY) fails when configuring pkgsrc/x11/mlterm



The following reply was made to PR pkg/56936; it has been noted by GNATS.

From: David Holland <dholland-pbugs%netbsd.org@localhost>
To: gnats-bugs%netbsd.org@localhost
Cc: 
Subject: Re: pkg/56936: posix_openpt(O_RDWR | O_NOCTTY) fails when
 configuring pkgsrc/x11/mlterm
Date: Wed, 14 Sep 2022 03:51:44 +0000

 On Sun, Sep 11, 2022 at 09:15:02PM +0000, David H. Gutteridge wrote:
  >  openpty(3) does fall back to trying to open pty devices, and fails like
  >  so:
  >  
  >   22686      1 script   CALL  open(0x7f7fffd496d5,2,0)
  >   22686      1 script   NAMI  "/dev/ptyp0"
  >   22686      1 script   RET   open -1 errno 2 No such file or directory
  >  
  >  There are no pty devices in the sandboxes I have, because there are also
  >  none under actual /dev. They are not populated in any installs I have,
  >  presumably on purpose given it says in MAKEDEV "creating BSD style tty
  >  nodes with ptyfs is a security issue"?
 
 The security problem arises if you have both ptyfs and old-style pty
 devices, because they are attached to the same internal objects but
 have their own file permissions, which will then mostly be wrong.
 Don't do that.
 
 Having some ptys in the chroot that are the same as ptys you're using
 outside isn't good either, but creating one that's high-enough
 numbered that you won't use it elsewhere by accident is fine. So is
 inserting a copy of ptyfs via null mount, though this makes all your
 ordinary ptys accessible there so you need to be sure not to use the
 same uids as outside.
 
 However, having no ptys at all is bound to break some stuff, like,
 apparently, mlterm. :-(
 
 (And I still wonder about posix_openpt. If we intend to continue to
 support old-style ptys, it's broken. If not, the old code in openpty
 should probably be G/C'd. This is a matter for a different PR though.)
 
 -- 
 David A. Holland
 dholland%netbsd.org@localhost
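
Added example, not part of the message above and not NetBSD or pkgsrc code: a shell check that classifies a sandbox root by which pty mechanisms it exposes, flagging the ptyfs-plus-old-style-nodes combination the reply warns against. The function name `pty_audit`, the `pty??` name pattern (modelled on the `/dev/ptyp0` in the trace) and the mount(8) line format it parses are assumptions.

```shell
#!/bin/sh
# pty_audit ROOT MOUNTS_FILE   (hypothetical helper, added example)
#   ROOT         sandbox root directory ("/" for the host itself)
#   MOUNTS_FILE  saved output of mount(8); assumed line format:
#                  ptyfs on /dev/pts type ptyfs (local)
#                  /dev/pts on /sandbox/dev/pts type null (local)
# Prints: none | legacy | ptyfs | ptyfs-null | both
# Typical use: mount > /tmp/mounts.txt; pty_audit /path/to/sandbox /tmp/mounts.txt
pty_audit() {
    root=${1%/}          # "/" becomes "", so "$root/dev/pts" is "/dev/pts"
    mounts=$2
    ptyfs=no
    legacy=no

    # Is ptyfs visible at ROOT/dev/pts, either mounted directly or
    # passed in from the host through a null mount of /dev/pts?
    while read -r src on_kw mnt type_kw fstype rest; do
        [ "$mnt" = "$root/dev/pts" ] || continue
        if [ "$fstype" = ptyfs ]; then
            ptyfs=ptyfs
        elif [ "$fstype" = null ] && [ "$src" = /dev/pts ]; then
            ptyfs=ptyfs-null   # host ptys are reachable: keep uids distinct
        fi
    done < "$mounts"

    # Old-style master nodes are character devices named like ptyp0.
    for node in "$root"/dev/pty??; do
        if [ -c "$node" ]; then
            legacy=yes
            break
        fi
    done

    case $legacy:$ptyfs in
        yes:no) echo legacy ;;      # old-style nodes only
        yes:*)  echo both ;;        # the combination described as a security problem
        no:no)  echo none ;;        # no ptys at all: openpty(3) fallback fails
        no:*)   echo "$ptyfs" ;;    # ptyfs only (direct or null-mounted)
    esac
}
```

A result of `both` is the case to fix; `none` matches the sandbox in this PR, where the `/dev/ptyp0` open returns ENOENT.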
 

