tty: introduce no_tty and use it in selinux

While researching the tty layer pid leaks I found a weird case in selinux when we drop a controlling tty because of inadequate permissions we don't do the normal hangup processing. Which is a problem if it happens the session leader has exec'd something that can no longer access the tty. We already have code in the kernel to handle this case in the form of the TIOCNOTTY ioctl. So this patch factors out a helper function that is the essence of that ioctl and calls it from the selinux code. This removes the inconsistency in handling dropping of a controlling tty and who knows it might even make some part of user space happy because it received a SIGHUP it was expecting. In addition since this removes the last user of proc_set_tty outside of tty_io.c proc_set_tty is made static and removed from tty.h Signed-off-by: Eric W. Biederman <ebiederm@xmission.com> Acked-by: Alan Cox <alan@lxorguk.ukuu.org.uk> Cc: James Morris <jmorris@namei.org> Cc: Stephen Smalley <sds@tycho.nsa.gov> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
author: Eric W. Biederman <ebiederm@xmission.com> 2007-05-08 03:26:56 -0400
committer: Linus Torvalds <torvalds@woody.linux-foundation.org> 2007-05-08 14:15:04 -0400
commit: 98a27ba485c7508ef9d9527fe06e4686f3a163dc (patch)
tree: 73d5dca7f1b5120ecf1bbcc664094044bc35dc56
parent: 2a65f1d9fe78475720bd8f0e0fbbf1973b1b5ac2 (diff)
3 files changed, 19 insertions, 9 deletions
diff --git a/drivers/char/tty_io.c b/drivers/char/tty_io.c
index 39db186d5c5b..5d405a1bfbe3 100644
--- a/drivers/char/tty_io.c
+++ b/drivers/char/tty_io.c
@@ -154,6 +154,7 @@ int tty_ioctl(struct inode * inode, struct file * file,
 static int tty_fasync(int fd, struct file * filp, int on);
 static void release_tty(struct tty_struct *tty, int idx);
 static void __proc_set_tty(struct task_struct *tsk, struct tty_struct *tty);
+static void proc_set_tty(struct task_struct *tsk, struct tty_struct *tty);
 /**
 *      alloc_tty_struct        -       allocate a tty object
@@ -1558,6 +1559,18 @@ void disassociate_ctty(int on_exit)
        unlock_kernel();
 }
+/**
+ *
+ *      no_tty  - Ensure the current process does not have a controlling tty
+ */
+void no_tty(void)
+{
+        struct task_struct *tsk = current;
+        if (tsk->signal->leader)
+                disassociate_ctty(0);
+        proc_clear_tty(tsk);
+}
 /**
 *      stop_tty        -       propogate flow control
@@ -3280,9 +3293,7 @@ int tty_ioctl(struct inode * inode, struct file * file,
                case TIOCNOTTY:
                        if (current->signal->tty != tty)
                                return -ENOTTY;
-                        if (current->signal->leader)
+                        no_tty();
-                                disassociate_ctty(0);
-                        proc_clear_tty(current);
                        return 0;
                case TIOCSCTTY:
                        return tiocsctty(tty, arg);
@@ -3844,7 +3855,7 @@ static void __proc_set_tty(struct task_struct *tsk, struct tty_struct *tty)
        tsk->signal->tty_old_pgrp = NULL;
 }
-void proc_set_tty(struct task_struct *tsk, struct tty_struct *tty)
+static void proc_set_tty(struct task_struct *tsk, struct tty_struct *tty)
 {
        spin_lock_irq(&tsk->sighand->siglock);
        __proc_set_tty(tsk, tty);
diff --git a/include/linux/tty.h b/include/linux/tty.h
index dee72b9a20fb..bb4576085203 100644
--- a/include/linux/tty.h
+++ b/include/linux/tty.h
@@ -313,6 +313,7 @@ extern int tty_hung_up_p(struct file * filp);
 extern void do_SAK(struct tty_struct *tty);
 extern void __do_SAK(struct tty_struct *tty);
 extern void disassociate_ctty(int priv);
+extern void no_tty(void);
 extern void tty_flip_buffer_push(struct tty_struct *tty);
 extern speed_t tty_get_baud_rate(struct tty_struct *tty);
 extern speed_t tty_termios_baud_rate(struct ktermios *termios);
@@ -333,7 +334,6 @@ extern int tty_ioctl(struct inode *inode, struct file *file, unsigned int cmd,
 extern dev_t tty_devnum(struct tty_struct *tty);
 extern void proc_clear_tty(struct task_struct *p);
-extern void proc_set_tty(struct task_struct *tsk, struct tty_struct *tty);
 extern struct tty_struct *get_current_tty(void);
 extern struct mutex tty_mutex;
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index 885a9a958b8d..fa9dbb6b110d 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -1758,12 +1758,11 @@ static inline void flush_unauthorized_files(struct files_struct * files)
                        }
                }
                file_list_unlock();
-                /* Reset controlling tty. */
-                if (drop_tty)
-                        proc_set_tty(current, NULL);
        }
        mutex_unlock(&tty_mutex);
+        /* Reset controlling tty. */
+        if (drop_tty)
+                no_tty();
        /* Revalidate access to inherited open files. */
author	Eric W. Biederman <ebiederm@xmission.com>	2007-05-08 03:26:56 -0400
committer	Linus Torvalds <torvalds@woody.linux-foundation.org>	2007-05-08 14:15:04 -0400
commit	98a27ba485c7508ef9d9527fe06e4686f3a163dc (patch)
tree	73d5dca7f1b5120ecf1bbcc664094044bc35dc56
parent	2a65f1d9fe78475720bd8f0e0fbbf1973b1b5ac2 (diff)