Subject: Re: Problem with NetBSD 1.4_alpha with signals and persistent processes
To: None <perry@piermont.com, tech-security@netbsd.org>
From: Brian Buhrow <buhrow@cats.ucsc.edu>
List: tech-security
Date: 05/07/1999 18:06:24
	Hi Perry.  Any chance this fix from Charles could be pulled up into the
1.4 branch?  Since you've got the other mail, I'll spare you the details.
(I've tested it, it works great!)
-thanks
-Brian

From: "Charles M. Hannum" <root@ihack.net>
To: buhrow@cats.ucsc.edu
Cc: perry@piermont.com, tech-security@netbsd.org
Subject: Re: Problem with NetBSD 1.4_alpha with signals and persistent processes


The inheritance of the tty modes is actually done by window(1) itself.
It can trivially be made to inherit the `right' modes; i.e.:

Index: wwinit.c
===================================================================
RCS file: /cvsroot/src/usr.bin/window/wwinit.c,v
retrieving revision 1.13
diff -c -2 -r1.13 wwinit.c
*** wwinit.c	1998/12/20 15:03:15	1.13
--- wwinit.c	1999/05/06 07:25:06
***************
*** 114,117 ****
--- 114,119 ----
  #endif
  	wwwintty.ww_termios.c_oflag &= ~OXTABS;
+ 	wwwintty.ww_termios.c_cflag &= ~CLOCAL;
+ 	wwwintty.ww_termios.c_cflag |= HUPCL;
  	wwnewtty.ww_termios = wwoldtty.ww_termios;
  	wwnewtty.ww_termios.c_iflag &=
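
Review bot: The two added lines clear CLOCAL in wwwintty.ww_termios.c_cflag but leave MDMBUF alone, while the CONNECTED() macro quoted in the original report tests CLOCAL | MDMBUF, so a pty that picks up mdmbuf would still count as connected and its session leader would still miss the SIGHUP. Consider wwwintty.ww_termios.c_cflag &= ~(CLOCAL | MDMBUF); and add a short comment saying these bits are forced so that the subshells are hung up when window exits.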

I've committed this to the trunk.



	Hello folks.  Well, I've figured out the root cause of this problem,
but need suggestions on what we might do to fix it and keep it fixed.
Although I've included my previous messages on this topic below, I'll give
a brief summary of the problem here.
	If I launch the window program from a hardware terminal session, when
I exit the window program, the subshells it starts aren't sent a SIGHUP
signal, so they live on after window dies.  To make things worse, anyone
who opens the ptys these shells were living on after window goes away gets
immediate access to the sessions happening in those shells, as the original
user.  This problem is not manifested when the originating root terminal
session is on a pty, i.e. when one telnets into a NetBSD box.

WHY THE PROBLEM OCCURS
	If the terminal on which the trouble occurs has clocal or mdmbuf set
in the cflags field of the tty structure, then those flags seem to be
inherited by any ptys that get opened by the window program.  When the
window program exits, ttymodem() gets called for each subpty and goes
through the following snippet of code:


			/*
			 * Lost carrier.
			 */
			CLR(tp->t_state, TS_CARR_ON);
			if (ISSET(tp->t_state, TS_ISOPEN) && !CONNECTED(tp)) {
				if (tp->t_session && tp->t_session->s_leader)
					psignal(tp->t_session->s_leader, SIGHUP);
[...]

	The "CONNECTED" macro is defined as:

#define	CONNECTED(tp)	(ISSET(tp->t_state, TS_CARR_ON) ||	\
			 ISSET(tp->t_cflag, CLOCAL | MDMBUF))

	As one can see, the SIGHUP is never sent to the process in the tty
structure because the tty is not "open and disconnected". 

	Now, I have a few questions about  how we might solve this dilemma.

1.  Where is the inheritance between the root terminal tty structure and
the pty substructures done?  I had some trouble finding it.

2.  Does it even make sense for mdmbuf or clocal to be set on a pty?
Couldn't we just clear those bits unconditionally upon open and disable
them from being twiddled by stty?

	I'll try to cook up a patch that at least clears those bits on open
and close for ptys and send it along.  If I do, will someone pull it up
into 1.4?    Does anyone have any other suggestions that would be
cleaner/more elegant that would be appropriate for 1.4?

-Brian
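
The carrier-loss check described in this thread, as an added user-space model (not code from the NetBSD kernel or from window(1)): it evaluates the CONNECTED() logic for modes inherited unchanged from a hardwired terminal and for modes with CLOCAL and MDMBUF cleared and HUPCL set. The TS_* values and the function names hup_on_carrier_loss and pty_modes_from are assumptions made for the example, and clearing MDMBUF goes one step beyond the committed patch.

```c
#include <stdio.h>
#include <string.h>
#include <termios.h>

#ifndef MDMBUF            /* BSD-only flag; treated as absent elsewhere */
#define MDMBUF 0
#endif

/* Constructed stand-ins for the kernel's t_state bits (values illustrative). */
#define TS_CARR_ON 0x1
#define TS_ISOPEN  0x2

/* Mirrors CONNECTED(tp) from the message, on plain integers. */
static int connected(int state, tcflag_t cflag)
{
	return (state & TS_CARR_ON) || (cflag & (CLOCAL | MDMBUF));
}

/* Models the "Lost carrier" branch: 1 if the session leader would get SIGHUP. */
int hup_on_carrier_loss(int state, tcflag_t cflag)
{
	state &= ~TS_CARR_ON;                 /* CLR(tp->t_state, TS_CARR_ON) */
	return (state & TS_ISOPEN) && !connected(state, cflag);
}

/* Modes to hand to a pty, derived from the parent terminal's modes. */
struct termios pty_modes_from(const struct termios *parent)
{
	struct termios t = *parent;
	t.c_cflag &= ~(tcflag_t)(CLOCAL | MDMBUF);  /* never "always connected" */
	t.c_cflag |= HUPCL;                         /* hang up on last close */
	return t;
}

int main(void)
{
	struct termios hw, pty;
	memset(&hw, 0, sizeof hw);
	hw.c_cflag = CS8 | CREAD | CLOCAL;    /* constructed: hardwired terminal */
	pty = pty_modes_from(&hw);
	printf("inherited as-is: SIGHUP=%d\n",
	    hup_on_carrier_loss(TS_ISOPEN | TS_CARR_ON, hw.c_cflag));
	printf("sanitized:       SIGHUP=%d\n",
	    hup_on_carrier_loss(TS_ISOPEN | TS_CARR_ON, pty.c_cflag));
	return 0;
}
```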