OpenBSD Journal

Another round of setuids bites the dust

Contributed by jose on from the /dev/ptm dept.

jtorin writes: " In a CVS commit Todd C. Miller writes:
Add the ptm device to pty(4).  By opening /dev/ptm and using the PTMGET
ioctl(2), an unprivileged process may allocate a pty and have its owner
and mode set appropriately.  This means that programs such as xterm and
screen no longer need to be setuid.  Programs using the openpty()
function require zero changes and will "just work".

Designed by beck@ and deraadt@; changes by beck@ with cleanup (and
a rewrite of the vnode bits) by art@ and tweaks/bugfixes by me.
Tested by many.

(Comments are closed)

  1. By Peter Hessler () on

    They can be removed, but they haven't been yet.

  2. By Anonymous Coward () on

    Very nice. But I just updated to -current yesterday... :(
    oh well, I'm off again for a new compile :)

  3. By Anonymous Coward () on

    This is very cool! The elimination of setuid binaries is something that is long overdue for any UNIX system. It's good to see the developers continuing to find efficient ways at reducing the number of such binaries in the system.
    Great work!

  4. By Anonymous Coward () on

    Anyone wanna do a `find / -perm -4000 -print > SUID-BINARIES` on te latest -CURRENT to see what's left over?

    1. By jtorin () on

      The raw number of setuid executables are not a good measurement of security (or the lack of it). There are instances where the process simply must have root priviledges. Those security risks can ofcourse be mitigated by priviledge separation where suitable.

      The commit above is (ofcourse) an example of the prefered solution; instead of requiring a process to have root priviledges at some point in its execution, the OS is changed to allow calls to a system function by 'anonymous' processes. This is (again, ofcourse) not applicable for every system call.

    2. By Miod () on

      You'd be surprised. The number of setuid and setgid binaries has raised significantly over the last 18 months.

      However, most of these binaries are not setuid root or setgid wheel anymore; they use fine-grained user and groups which makes a compromise in these binaries slightly less dangerous.

  5. By Anonymous Coward () on

    What are ptys and why are they needed? Why can't xterm just execute tcsh or bash? Why does it need to have a pty to go with it? This is something I have always wondered about Unix.

    Sorry if this is a dumb question.

    1. By panda () on

      The terminal is the process' execution environment,
      only a terminal can provide fd 0, 1 and 2 to the process (stdin, stdout, stderr). Many programs issue the ioctl ISATTY to check for the presence of a terminal and modifiy their behavior when they it is present (for instance issue ktrace on ls, you'll see that it checks for a terminal, it allows ls to display columns in interactive mode, shells don't display prompts when no terminal is present, they don't enable job control either, ...)


Copyright © - Daniel Hartmeier. All rights reserved. Articles and comments are copyright their respective authors, submission implies license to publish on this web site. Contents of the archive prior to as well as images and HTML templates were copied from the fabulous original with Jose's and Jim's kind permission. This journal runs as CGI with httpd(8) on OpenBSD, the source code is BSD licensed. undeadly \Un*dead"ly\, a. Not subject to death; immortal. [Obs.]