No longer store the ctime of a devpts tty. The handling of ctime

on devpts in Linux has been changed to conform to POSIX.  As a
result we can no longer assume that the ctime will stay unchanged
throughout the life of the session.  We store the session ID in the
time stamp file so there is a much smaller chance of the time stamp
file being reused by a new login.  While here, store the uid/gid
in the timestamp file too for good measure.

diff --git a/plugins/sudoers/check.h b/plugins/sudoers/check.h
index a3331201abfd2af9a6dd38231b306d44f3904f12..5d73756d6a2c143574585e62978aa5cf7bce6cb2 100644 (file)
--- a/plugins/sudoers/check.h
+++ b/plugins/sudoers/check.h
@@ -39,7 +39,8 @@ struct sudo_tty_info {
     dev_t dev;                 /* ID of device tty resides on */
     dev_t rdev;                        /* tty device ID */
     ino_t ino;                 /* tty inode number */
-    struct timeval ctime;      /* tty inode change time */
+    uid_t uid;                 /* tty owner */
+    gid_t gid;                 /* tty group */
     pid_t sid;                 /* ID of session with controlling tty */
 };
 

diff --git a/plugins/sudoers/timestamp.c b/plugins/sudoers/timestamp.c
index 99d589a56a2b28a4a521475b9f932cd1b0629c64..a7b651851382b95fdaeae56e16012ce7a8ceb8f1 100644 (file)
--- a/plugins/sudoers/timestamp.c
+++ b/plugins/sudoers/timestamp.c
@@ -24,12 +24,6 @@
 #include <sys/types.h>
 #include <sys/time.h>
 #include <sys/stat.h>
-#ifdef __linux__
-# include <sys/vfs.h>
-#endif
-#if defined(__sun) && defined(__SVR4)
-# include <sys/statvfs.h>
-#endif
 #ifndef __TANDEM
 # include <sys/file.h>
 #endif
@@ -63,8 +57,6 @@
 #include "sudoers.h"
 #include "check.h"
 
-static bool  tty_is_devpts(const char *);
-
 static struct sudo_tty_info tty_info;
 static char timestampdir[PATH_MAX];
 static char timestampfile[PATH_MAX];
@@ -85,8 +77,8 @@ build_timestamp(struct passwd *pw)
        tty_info.dev = sb.st_dev;
        tty_info.ino = sb.st_ino;
        tty_info.rdev = sb.st_rdev;
-       if (tty_is_devpts(user_ttypath))
-           ctim_get(&sb, &tty_info.ctime);
+       tty_info.uid = sb.st_uid;
+       tty_info.gid = sb.st_gid;
        tty_info.sid = user_sid;
     }
 
@@ -418,44 +410,6 @@ remove_timestamp(bool remove)
     debug_return;
 }
 
-/*
- * Returns true if tty lives on a devpts, /dev or /devices filesystem, else
- * false.  Unlike most filesystems, the ctime of devpts nodes is not updated
- * when the device node is written to, only when the inode's status changes,
- * typically via the chmod, chown, link, rename, or utimes system calls.
- * Since the ctime is "stable" in this case, we can stash it the tty ticket
- * file and use it to determine whether the tty ticket file is stale.
- */
-static bool
-tty_is_devpts(const char *tty)
-{
-    bool retval = false;
-#ifdef __linux__
-    struct statfs sfs;
-    debug_decl(tty_is_devpts, SUDO_DEBUG_PTY)
-
-#ifndef DEVPTS_SUPER_MAGIC
-# define DEVPTS_SUPER_MAGIC 0x1cd1
-#endif
-
-    if (statfs(tty, &sfs) == 0) {
-       if (sfs.f_type == DEVPTS_SUPER_MAGIC)
-           retval = true;
-    }
-#elif defined(__sun) && defined(__SVR4)
-    struct statvfs sfs;
-    debug_decl(tty_is_devpts, SUDO_DEBUG_PTY)
-
-    if (statvfs(tty, &sfs) == 0) {
-       if (strcmp(sfs.f_fstr, "dev") == 0 || strcmp(sfs.f_fstr, "devices") == 0)
-           retval = true;
-    }
-#else
-    debug_decl(tty_is_devpts, SUDO_DEBUG_PTY)
-#endif /* __linux__ */
-    debug_return_bool(retval);
-}
-
 /*
  * Lecture status is currently implied by the timestamp status but
  * may be stored separately in a future release.