[Xquartz-dev] minor luit patch for secure tty access
Jeremy Huddleston
jeremyhu at berkeley.edu
Fri Apr 11 10:25:29 PDT 2008
Thanks Martin.
I'm going to test this out and try getting it into 2.2.0.
--Jeremy
On Apr 11, 2008, at 09:22, Martin Otte wrote:
> When xterm is invoked to use the luit unicode filter:
>
> env LC_ALL=en_US LANG=en_US /usr/X11/bin/xterm -u8
>
> luit reports the message:
>
> Warning: could not change ownership of tty -- pty is insecure!
>
> The luit man page states that running luit as an ordinary user will
> leave the tty world-writable; this is a security hole, and luit will
> generate a warning (but still accept to run). Fortunately, OSX
> (tested in both Tiger and Leopard) has the necessary terminal access
> functions to allow secure access to the tty. Only a minor patch to
> luit is necessary:
>
> --- luit/sys.c.orig 2008-04-11 11:41:00.000000000 -0400
> +++ luit/sys.c 2008-04-11 11:57:52.000000000 -0400
> @@ -56,7 +56,7 @@
>
> #if (defined(__GLIBC__) && \
> (__GLIBC__ > 2 || (__GLIBC__ == 2 && __GLIBC_MINOR__ >= 1))) || \
> - defined(SVR4)
> + defined(SVR4) || defined(__APPLE__)
> #define HAVE_GRANTPT
> #endif
>
> @@ -340,7 +340,12 @@
> char *temp_line;
> int rc;
>
> +#ifdef __APPLE__
> + pty = posix_openpt(O_RDWR);
> +#else
> pty = open("/dev/ptmx", O_RDWR);
> +#endif
> +
> if(pty < 0)
> goto bsd;
>
>
> I hope this patch might be useful,
> Martin
>
> <luit-tty.patch>
> _______________________________________________
> Xquartz-dev mailing list
> Xquartz-dev at lists.macosforge.org
> http://lists.macosforge.org/mailman/listinfo/xquartz-dev
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3040 bytes
Desc: not available
Url : http://lists.macosforge.org/pipermail/xquartz-dev/attachments/20080411/372d0df5/smime.bin
More information about the Xquartz-dev
mailing list