Tech Insider					     Technology and Trends


		   Linux Activists Mailing List Archives

From: iiitac@swan.pyr (Alan Cox)
Subject: Serial Drivers
Date: Thu, 28 Jan 1993 16:54:32 GMT

The 0.99.2/3/4 serial drivers have a set of bugs to do with CLOCAL, these
prevent several programs that should work from working on lines without
the carrier signal present. When the terminal is opened the line is marked
as hung_up and when CLOCAL is then set the line is not restored.
In addition the serial driver doesn't block until carrier is raised in
normal use as Unix systems do.

I've posted Linus a set of patches a while ago for this and 0.99.2 , but only
for the new interrupt handler, these also allow you to select() on a tty
open like the sys5.4 terminal managers do.

In the meantime a warning for anyone using the amateur radio KA9Q version
I released. DONT upgrade to 0.99.2 without the serial patches I included
and DONT upgrade to 0.99.3 or .4. I'll try and merge the serial fixes into
the 0.99.4 kernel and resubmit them again.

Alan

From: tytso@athena.mit.edu (Theodore Ts'o)
Subject: Re: Serial Drivers
Date: 29 Jan 1993 15:25:56 -0500
Reply-To: tytso@athena.mit.edu (Theodore Ts'o)

   From: iiitac@swan.pyr (Alan Cox)
   Date: Thu, 28 Jan 1993 16:54:32 GMT

   The 0.99.2/3/4 serial drivers have a set of bugs to do with CLOCAL, these
   prevent several programs that should work from working on lines without
   the carrier signal present. When the terminal is opened the line is marked
   as hung_up and when CLOCAL is then set the line is not restored.

This is not a bug; if you do this, you create a security hole which
obviates half the reason for doing the tty hangup in the first place.

Consider: you are running a dialup service; evil bad person (tm) dials
up, and leaves a trojan program which looks like /bin/login.  But when
he/she hangs up, all processes attached to the modem lose their access
to the modem.  No problem.

Now assume that setting CLOCAL allows you to "unhangup" the line.  Evil
Bad Person changes his/her program to wait until after he hangs up, and
then sets CLOCAL; voila'!  Instant trojan horse.  

But you, you say, the Evil Bad Person could have set CLOCAL before
he/she logged out, which would do the same thing.  No!  Because getty
will calls vhangup() on the line, which will forcibly hang up all
processes on the line, CLOCAL or no.  So Evil Bad Person merely has to
wait until after getty has called vhangup(), and *then* he sets CLOCAL,
which undoes the hangup condition and his trojan horse program can run
and screw users.

Moral of the story: you don't want to blithly undo a hangup condition,
unless you want to open up a security hole on your system.

The right way to handle this is as follows:

        1) open the serial line with the O_NONBLOCK flag
        2) set CLOCAL
        3) open the serial line *again*
        4) close the serial line opened in step #1
        5) proceed with whatever your program needs to do, using the
                file descriptor obtained in step #3

This is the only really portable way to deal with the whole question of
CLOCAL and lines hanging up/not hanging up. 

                                                - Ted

			        About USENET

USENET (Users’ Network) was a bulletin board shared among many computer
systems around the world. USENET was a logical network, sitting on top
of several physical networks, among them UUCP, BLICN, BERKNET, X.25, and
the ARPANET. Sites on USENET included many universities, private companies
and research organizations. See USENET Archives.

		       SCO Files Lawsuit Against IBM

March 7, 2003 - The SCO Group filed legal action against IBM in the State 
Court of Utah for trade secrets misappropriation, tortious interference, 
unfair competition and breach of contract. The complaint alleges that IBM 
made concentrated efforts to improperly destroy the economic value of 
UNIX, particularly UNIX on Intel, to benefit IBM's Linux services 
business. See SCO v IBM.

The materials and information included in this website may only be used
for purposes such as criticism, review, private study, scholarship, or
research.

Electronic mail:			       WorldWideWeb:
   tech-insider@outlook.com			  http://tech-insider.org/