Andy Lutomirski <l...@amacapital.net> writes: > On Sat, Apr 9, 2016 at 6:27 PM, Linus Torvalds > <torva...@linux-foundation.org> wrote: >> >> On Apr 9, 2016 5:45 PM, "Andy Lutomirski" <l...@amacapital.net> wrote: >>> >>> >>> What we *do* want to do, though, is to prevent the following: >> >> I don't see the point. Why do you bring up this insane scenario that nobody >> can possibly care about? >> >> So you actually have any reason to believe somebody does that? >> >> I already asked about that earlier, and the silence was deafening. > > I have no idea, but I'm generally uncomfortable with magical things > that bypass normal security policy. > > That being said, here's an idea for fixing this, at least in the long > run. Add a new devpts mount option "no_ptmx_redirect" that turns off > this behavior for the super in question. That is, opening /dev/ptmx > if "pts/ptmx" points to something with no_ptmx_redirect set will fail. > Distros shipping new kernels could be encouraged to (finally!) make > /dev/ptmx a symlink and set this option. > > We just might be able to get away with spelling that option "newinstance".
Interesting point. Very interesting point. At this point I don't know that it is worth it, but that would trivially prevent any non-sense, that might possibly happen. The downside would be that the semantics of /dev/ptmx would be more complicated. Eric
