stray processes write to ptys (SUMMARY)

From: Jason Heirtzler (jdh@bu-pub.bu.edu)
Date: Tue Nov 12 1991 - 21:57:11 CST


To refresh your memory, my problem was

> As we pile more users on our timesharing box (sunos 4.1), I find
> myself spending more and more time hunting down stray processes left
> running accidentally when people logout.

> Stray processes that spin and chew cycles are obviously a problem, but
> the numero uno problem is the output from those processes, which
> usually gets dumped on whoever happens to get that pty next.

In summary, several people pointed to sun's security patch for
in.rlogind and in.telentd (#100125-05) which I was already using. If
you haven't installed this patch, get it. It does help. However, it
doesn't eliminate the problem because telnet and rlogin aren't the
only things that allocate ptys (emacs shell mode, for example.)

It was suggested that upgrading to sunos 4.1.1 will solve it, but I
know it's still a problem with some other machines that are running
sunos 4.1.1, so that alone isn't sufficient.

The winning entry and all it's glory goes to Daniel Trinkle
(trinkle@cs.purdue.edu) who sent a kernel source patch. I've done
some testing on my SS-1 and then installed it on the timesharing
machine, and I've been running with this patch for about three days
and it seems to solve it! The diff is appended to the end of this
message.

Also appended is a patch that someone else gave me a couple of weeks
ago to save ptys by changing the "M-x display-time" function in GNU
emacs (version 18.55, but other versions too I'll wager) to work
without using a new pty. This doesn't address the problem, but it
does avoid needless pty wastage. I just did a "ps" a moment ago, and
we were using 6 less ptys just on one machine because of this. This
patch also is appened to the end of this message.

Thanks very much for all those cards and letters........

jdh

==========cut here============cut here==========cut here===========
Here is a kernel patch that will fix this problem if you have
SunOS source. The problem is in src/sys/os/tty_pty.c. The patch
came from Andy Sherman (andys@ulysses.att.com).

RCS file: /usr/src/sun4.1/sys/os/RCS/tty_pty.c,v
retrieving revision 1.1
diff -c -r1.1 /usr/src/sun4.1/sys/os/tty_pty.c
*** 1.1 1991/07/22 19:23:15
--- /usr/src/sun4.1/sys/os/tty_pty.c 1991/08/06 04:58:44
***************
*** 672,685 ****
                                  /* XXX - should be EBUSY! */
          if (pty->pt_flags & PF_WOPEN)
                  wakeup((caddr_t)&pty->pt_flags);
! if ((q = pty->pt_ttycommon.t_readq) != NULL &&
! (q = q->q_next) != NULL) {
                  /*
! * Send an un-hangup to the slave, since "carrier" is
! * coming back up. Make sure we're doing canonicalization.
                   */
! (void) putctl(q, M_UNHANGUP);
! (void) putctl1(q, M_CTL, MC_DOCANON);
          }
          pty->pt_flags |= PF_CARR_ON;
          pty->pt_send = 0;
--- 672,683 ----
                                  /* XXX - should be EBUSY! */
          if (pty->pt_flags & PF_WOPEN)
                  wakeup((caddr_t)&pty->pt_flags);
! else if (((q = pty->pt_ttycommon.t_readq) != NULL)) {
                  /*
! * Busy controller because slave still open somewhere
! * This avoids security hole in vhangup & /dev/tty.
                   */
! return(EIO);
          }
          pty->pt_flags |= PF_CARR_ON;
          pty->pt_send = 0;

==========cut here============cut here==========cut here===========

Here's the patch for GNU emacs time.el

==========cut here============cut here==========cut here===========
*** time.el Sun Nov 10 02:16:31 1991
--- time.el.orig Wed Jan 21 15:06:58 1987
***************
*** 43,49 ****
                (setq global-mode-string
                      (append global-mode-string '(display-time-string))))
            (setq display-time-string "time and load")
- (setq process-connection-type nil)
            (setq display-time-process
                  (start-process "display-time" nil
                                 "loadst"
--- 43,48 ----
***************
*** 50,57 ****
                                 "-n" (int-to-string display-time-interval)))
            (process-kill-without-query display-time-process)
            (set-process-sentinel display-time-process 'display-time-sentinel)
! (set-process-filter display-time-process 'display-time-filter)
! (setq process-connection-type t)))))
  
  (defun display-time-sentinel (proc reason)
    (or (eq (process-status proc) 'run)
--- 49,55 ----
                                 "-n" (int-to-string display-time-interval)))
            (process-kill-without-query display-time-process)
            (set-process-sentinel display-time-process 'display-time-sentinel)
! (set-process-filter display-time-process 'display-time-filter)))))
  
  (defun display-time-sentinel (proc reason)
    (or (eq (process-status proc) 'run)



This archive was generated by hypermail 2.1.2 : Fri Sep 28 2001 - 23:06:17 CDT