ioctl_tty.2: Add TIOCGPTPEER documentation

This is an ioctl(2) recently added by myself, to allow for container runtimes and other programs that interact with (potentially hostile) Linux namespaces to safely create {master,slave} pseudoterminal pairs without needing to open potentially unsafe /dev/pts/... filenames that may be malicious mount points or similar in an untrusted namespace (avoiding the endless issues with ptsname(3) and similar approaches). Cc: <containers@lists.linux-foundation.org> Signed-off-by: Aleksa Sarai <asarai@suse.de> Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2017-06-10 03:01:47 +10:00 · 2017-06-10 03:01:47 +10:00 · 0ec74af9db
parent a2923df043
commit 0ec74af9db
1 changed files with 15 additions and 0 deletions
--- a/man2/ioctl_tty.2
+++ b/man2/ioctl_tty.2
@ -380,6 +380,21 @@ Place the current lock state of the pseudoterminal slave device
 in the location pointed to by
 .IR argp
 (since Linux 3.8).
+.TP
+.BI "TIOCGPTPEER	int " flags
+Opens and returns a new file handle to the pseudoterminal slave
+device with the given
+.BR open (2)-style
+.IR flags ,
+regardless of whether the path is accessible through the calling process's
+mount namespaces.
+
+Security-conscious programs interacting with namespaces may wish to use this
+over
+.BR open (2)
+with the path provided by
+.BR ptsname (3),
+and similar library methods that have insecure APIs (since Linux 4.13).
 .PP
 The BSD ioctls
 .BR TIOCSTOP ,