linux ttyname{_r}: Don't bail prematurely [BZ #22145]

Bug #1732550 reported by Christian Brauner on 2017-11-15
This bug affects 1 person
Affects Status Importance Assigned to Milestone
glibc (Ubuntu)

Bug Description


I just pushed a patch series by Luke to glibc master that fixes a bug with pty file descriptors from devpts mounts in a different mount namespace. Here's the description:

linux ttyname{_r}: Don't bail prematurely [BZ #22145]

Commit 15e9a4f378c8607c2ae1aa465436af4321db0e23 introduced logic for ttyname()
sending back ENODEV to signal that we can't get a name for the TTY because we
inherited it from a different mount namespace.

However, just because we inherited it from a different mount namespace and it
isn't available at its original path, doesn't mean that its name is unknowable;
we can still try to find it by allowing the normal fall back on iterating
through devices.

An example scenario where this happens is with "/dev/console" in containers.
It's a common practice among container managers to allocate a PTY master/slave
pair in the host's mount namespace (the slave having a path like "/dev/pty/$X"),
bind mount the slave to "/dev/console" in the container's mount namespace, and
send the slave FD to a process in the container. Inside of the
container, the slave-end isn't available at its original path ("/dev/pts/$X"),
since the container mount namespace has a separate devpts instance from the host
(that path may or may not exist in the container; if it does exist, it's not the
 same PTY slave device). Currently ttyname{_r} sees that the file at the
original "/dev/pts/$X" path doesn't match the FD passed to it, and fails early
and gives up, even though if it kept searching it would find the TTY at
"/dev/console". Fix that; don't have the ENODEV path force an early return
inhibiting the fall-back search.

This change is based on the previous patch that adds use of is_mytty in
getttyname and getttyname_r. Without that change, this effectively reverts
15e9a4f, which made us disregard the false similarity of file pointed to by
"/proc/self/fd/$Y", because if it doesn't bail prematurely then that file
("/dev/pts/$X") will just come up again anyway in the fall-back search.

Reviewed-by: Christian Brauner <email address hidden>

The relevant patches from glibc master are:


The patches will be in glibc 2.27 but this should be backported to glibc 2.26.


Christian Brauner (cbrauner) wrote :
description: updated
description: updated

The attachment "0001-manual-Update-to-mention-ENODEV-for-ttyname-and-ttyn.patch" seems to be a patch. If it isn't, please remove the "patch" flag from the attachment, remove the "patch" tag, and if you are a member of the ~ubuntu-reviewers, unsubscribe the team.

[This is an automated message performed by a Launchpad user owned by ~brian-murray, for any issues please contact him.]

tags: added: patch
Thomas (kugel.) wrote :

This bug affects me on two systems. Can the fixes be backported?

Adam Conrad (adconrad) wrote :

Bionic was released with 2.27, which seems to include all of these bits.

Changed in glibc (Ubuntu):
status: New → Fix Released
To post a comment you must log in.