From: cudcv@warwick.ac.uk (Rob McMahon)
Newsgroups: comp.unix.admin
Subject: Re: Sun pty allocation bug (was: telnet ... logs me out)
Message-ID: <gz3dbvq4@csv.warwick.ac.uk>
Date: 13 Feb 92 17:06:20 GMT
References: <TADR.92Feb10223933@eneli.enel.ucalgary.ca>
	<65704@netnews.upenn.edu>
Organization: Computing Services, Warwick University, UK

In article <65704@netnews.upenn.edu> chip@eniac.seas.upenn.edu (Charles H.
Buchholtz) writes:
>tadr@enel.ucalgary.ca (tadr) writes:
>
>>I modified the pty allocation code in telnetd likewise (and in GNU emacs,
>>and in script, etc...), and the problem vanished. Perhaps Sun has a patch
>>for this problem (I doubt it). Maybe 4.1.2 fixes it.
>
>4.1.2 does *not* fix it.  I have a new patch (100125-05), which I haven't
>tried yet.  Note the -05; Sun has been batting this one around for a while.
>100125-05 is a new in.telnetd, which just missed 4.1.2.

I've been into this in some detail, and have been talking to a (very patient)
HotLine guy at Sun about it for some time.  It's quite clear to me that
patching every client that uses pty's is just ridiculous, and a fix that just
replaces in.telnetd is not really a fix at all.

There is a real patch, called 100414-01 for 4.1.1 and 4.1, but it clashes with
another important patch, 100188-01 (which stops random people from grabbing
the console).  Since 100188 is rolled into 4.1.2, this also means that there
is currently no patch available for 4.1.2.  I have a test version of an -02
release of 100188 which is supposed to fix both problems for 4.1.2, but,
although it works, I wouldn't like to make this available yet, until it's
approved.  Hassle your support people.  A 4.1.1 merge of 100188 and 100414 is
also supposed to be in the works (I have a number of Sun-3 systems which also
need the fix, but which are obviously not able to run 4.1.2).

You can get the 100414-01 and 100188-01 patches from

	ftp.warwick.ac.uk:pub.sun-fixes/4.1.1/{100414-01,100188-01}.tar.Z

but you might want to wait for the -02 version of 100188 to be approved and
made available.

Here's the README from 100414-01
==============================================================================
Patch-ID# 100414-01
Keywords: application, previous, get, security, session, telnet, pseudo-tty, pty
Synopsis: SunOS4.1;4.1.1: programs using pty get output from previous application
Date: 25/Oct/91

SunOS release: 4.1.1, 4.1

Unbundled Product:

Unbundled Release:

Topic: In ptcopen(), setup a check to see if slave side is in use.

BugId's fixed with this patch: 1070495

Architectures for which this patch is available: sun3, sun3x, sun4, sun4c

Patches which may conflict with this patch: 100187, 100188

Obsoleted by:

Files included with this patch: tty_pty.o

Problem Description:
This problem affects every application using pseudo-tty.

It can be reproduced in the following way :
- from a cmdtool run
        # netstat 3 &
- kill the cmdtool
- start a new cmdtool and you can get the output
 from netstat.
==============================================================================

and from 100188-01

==============================================================================
Patch-ID#  100188-01
Keywords: TIOCCONS
Synopsis: SunOS 4.1.1: TIOCCONS redirection is a security violation.
Date: 15/Dec/90

SunOS release: 4.1.1

Unbundled Product:

Unbundled Release:

Topic:

BugId's fixed with this patch: 1008324

Architectures for which this patch is available: sun3 sun3x sun4 sun4c

Patches which may conflict with this patch:

Obsoleted by: Next major release of SunOS

Problem Description: TIOCCONS can be used to re-direct console output/input
                     away from "console"
==============================================================================

There's no README for 100188-02, it's too early.

Cheers,

Rob
-- 
UUCP:   ...!mcsun!uknet!warwick!cudcv	PHONE:  +44 203 523037
JANET:  cudcv@uk.ac.warwick             INET:   cudcv@warwick.ac.uk
Rob McMahon, Computing Services, Warwick University, Coventry CV4 7AL, England
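
Added example, not part of the original post and not SunOS source: a toy C model of the check described in the 100414-01 README topic, replaying its cmdtool/netstat reproduction to show why a check at master-open time covers every pty client at once. The struct, the function names and the errno value are assumptions made for illustration.

```c
#include <errno.h>
#include <stdio.h>

/* Toy model of one BSD-style pty pair. Constructed for illustration;
 * this is not SunOS source and the field names are hypothetical. */
struct pty_model {
    int master_open;  /* controller side currently held by a client */
    int slave_opens;  /* processes still holding the slave side open */
};
typedef int (*ptc_open_fn)(struct pty_model *);

/* Behaviour the README describes as the bug: only master exclusivity is checked. */
int ptc_open_unchecked(struct pty_model *p) {
    if (p->master_open) return EIO;
    p->master_open = 1;
    return 0;
}

/* Patch topic: also refuse while the slave is in use (errno is an assumption). */
int ptc_open_checked(struct pty_model *p) {
    if (p->master_open || p->slave_opens > 0) return EIO;
    p->master_open = 1;
    return 0;
}

/* Client-side allocation: take the first master that opens (telnetd, cmdtool, ...). */
int alloc_pty(struct pty_model *ptys, int n, ptc_open_fn open_fn) {
    for (int i = 0; i < n; i++)
        if (open_fn(&ptys[i]) == 0) return i;
    return -1;
}

/* Replays the README reproduction; returns 1 if the new session is handed a
 * pty whose slave is still held by the previous session's process. */
int new_session_sees_stale_writer(ptc_open_fn open_fn, int *second_idx) {
    struct pty_model ptys[2] = {{0, 0}, {0, 0}};
    int first = alloc_pty(ptys, 2, open_fn);   /* first cmdtool */
    ptys[first].slave_opens = 2;               /* shell plus "netstat 3 &" */
    ptys[first].master_open = 0;               /* cmdtool killed: master closes */
    ptys[first].slave_opens = 1;               /* shell exits, netstat lives on */
    *second_idx = alloc_pty(ptys, 2, open_fn); /* new cmdtool */
    return *second_idx >= 0 && ptys[*second_idx].slave_opens > 0;
}

int main(void) {
    int a, b;
    printf("unchecked stale=%d\n", new_session_sees_stale_writer(ptc_open_unchecked, &a));
    printf("checked   stale=%d\n", new_session_sees_stale_writer(ptc_open_checked, &b));
    return 0;
}
```

With the unchecked open the second session is given the first pty back while the old writer is still attached; with the checked open the same unmodified allocation loop skips to the next pty.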

