mirror of https://github.com/mkerrisk/man-pages
ioctl_tty.2: Add TIOCGPTPEER documentation
This is an ioctl(2) recently added by myself, to allow for container runtimes and other programs that interact with (potentially hostile) Linux namespaces to safely create {master,slave} pseudoterminal pairs without needing to open potentially unsafe /dev/pts/... filenames that may be malicious mount points or similar in an untrusted namespace (avoiding the endless issues with ptsname(3) and similar approaches).

Cc: <containers@lists.linux-foundation.org>
Signed-off-by: Aleksa Sarai <asarai@suse.de>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
This commit is contained in:
parent
a2923df043
commit
0ec74af9db
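As an added example (not code from the man-pages commit or from the kernel), the following C helper opens a pseudoterminal pair and obtains the slave with TIOCGPTPEER instead of open(ptsname(master)), which is the pattern the commit message argues for. It assumes Linux 4.13 or later; the fallback definition of TIOCGPTPEER is the asm-generic ioctl value, used only if the build headers predate it.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/ioctl.h>
#include <unistd.h>
#ifndef TIOCGPTPEER /* in kernel headers since 4.13; fallback is the asm-generic value */
#define TIOCGPTPEER _IO('T', 0x41)
#endif

/* Close fd on an error path without clobbering errno. */
static int fail_close(int fd)
{
    int saved = errno;
    close(fd);
    errno = saved;
    return -1;
}

/* Open a master/slave pair. The slave fd is obtained from the master fd itself,
 * so no /dev/pts/N path in the mount namespace is ever resolved or opened.
 * Returns 0 on success, -1 with errno set on failure. */
int open_pty_pair(int *master_fd, int *slave_fd)
{
    int m = posix_openpt(O_RDWR | O_NOCTTY | O_CLOEXEC);
    if (m == -1)
        return -1;
    /* unlockpt() is still required: the slave cannot be opened while locked. */
    if (grantpt(m) == -1 || unlockpt(m) == -1)
        return fail_close(m);
    /* open(2)-style flags go directly in the int argument, not via a pointer. */
    int s = ioctl(m, TIOCGPTPEER, O_RDWR | O_NOCTTY | O_CLOEXEC);
    if (s == -1)
        return fail_close(m);
    *master_fd = m;
    *slave_fd = s;
    return 0;
}

int main(void)
{
    int m, s;
    if (open_pty_pair(&m, &s) == -1) {
        perror("open_pty_pair");
        return 1;
    }
    printf("master=%d slave=%d isatty(slave)=%d\n", m, s, isatty(s));
    return 0;
}
```

On a kernel older than 4.13 the ioctl fails with EINVAL or ENOTTY and the helper returns -1 with that errno, so a caller can fall back deliberately rather than silently resolving a path.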
@ -380,6 +380,21 @@ Place the current lock state of the pseudoterminal slave device
in the location pointed to by
.IR argp
(since Linux 3.8).
.TP
.BI "TIOCGPTPEER int " flags
Opens and returns a new file handle to the pseudoterminal slave
device with the given
.BR open (2)-style
.IR flags ,
regardless of whether the path is accessible through the calling process's
mount namespaces.
Security-conscious programs interacting with namespaces may wish to use this
over
.BR open (2)
with the path provided by
.BR ptsname (3),
and similar library methods that have insecure APIs (since Linux 4.13).
.PP
The BSD ioctls
.BR TIOCSTOP ,
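Review bot: the new TIOCGPTPEER entry says it "Opens and returns a new file handle"; the rest of the page uses "file descriptor", and that is what the ioctl returns, so change the wording. "the calling process's mount namespaces" should be singular ("mount namespace"). The "(since Linux 4.13)" note is attached to the sentence about ptsname(3), where it reads as if the advice dates from 4.13; move it to the end of the first paragraph, right after "mount namespace.", so it qualifies the ioctl itself, matching the placement of "(since Linux 3.8)" in the entry just above.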