Method and apparatus for creating secure pseudo-terminal links

US 5,452,460 A
Filed: 01/27/1993
Issued: 09/19/1995
Est. Priority Date: 01/27/1993
Status: Expired due to Fees

First Claim

Patent Images

1. In a computer system having an operating system, a method executed within a kernel of said operating system for establishing a secure pseudo-terminal link between a pseudo-terminal master file and an associated pseudo-terminal slave file, said method comprising the steps of:

receiving, from a first application program, a first request to open said pseudo-terminal master file;

granting said first request if said pseudo-terminal master file and said pseudo-terminal slave file are presently closed, otherwise denying said first request;

opening said pseudo-terminal master file whenever said first request is granted;

receiving, from a second application program, a second request to open said pseudo-terminal slave file;

granting said second request if said pseudo-terminal master file is presently open and a first user identification associated with said first application program which opened said pseudo-terminal master file is identical to a second user identification associated with said second application program presently requesting to open said pseudo-terminal slave file, otherwise denying said second request;

changing, whenever said second request is granted, an access permission code and ownership of said associated pseudo-terminal slave file;

opening, after said access permission code and ownership are changed, said associated pseudo-terminal slave file;

such that said pseudo-terminal master file and said pseudo-terminal slave file are connected by a secure pseudo-terminal link.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and apparatus, operating within a kernel of a UNIX-based host computer, that ensures that no unauthorized users or processes have accessed a pseudo-terminal (pty) slave file within a pty device driver prior to an authorized process accessing the pty slave file. Specifically, upon receiving, from an application program, a request to open a pty master file to form a pty device driver, the request is granted by the kernel only if the pty master file and pty slave file are presently closed. Similarly, a request to open a pty slave file to form a pty device driver is granted by the kernel only if the pty master file is open and a user identification of an application attempting to open the slave file is identical to a user identification of the application program which opened the master file. In this manner, a pseudo-terminal link between the pty master file and the pty slave file is secure from unauthorized processes being surreptitiously connected to the pty slave. Additionally, the owner and access permission codes of the open pty slave file are changed thereby further restricting access thereto.

67 Citations

View as Search Results

21 Claims

1. In a computer system having an operating system, a method executed within a kernel of said operating system for establishing a secure pseudo-terminal link between a pseudo-terminal master file and an associated pseudo-terminal slave file, said method comprising the steps of:
- receiving, from a first application program, a first request to open said pseudo-terminal master file;
  
  granting said first request if said pseudo-terminal master file and said pseudo-terminal slave file are presently closed, otherwise denying said first request;
  
  opening said pseudo-terminal master file whenever said first request is granted;
  
  receiving, from a second application program, a second request to open said pseudo-terminal slave file;
  
  granting said second request if said pseudo-terminal master file is presently open and a first user identification associated with said first application program which opened said pseudo-terminal master file is identical to a second user identification associated with said second application program presently requesting to open said pseudo-terminal slave file, otherwise denying said second request;
  
  changing, whenever said second request is granted, an access permission code and ownership of said associated pseudo-terminal slave file;
  
  opening, after said access permission code and ownership are changed, said associated pseudo-terminal slave file;
  
  such that said pseudo-terminal master file and said pseudo-terminal slave file are connected by a secure pseudo-terminal link.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The method of claim 1 wherein said first and second application programs are contained within a single program.
  - 3. The method of claim 1 wherein changing step further comprises the steps of:
    - changing individual ownership of said pseudo-terminal slave file from a first owner name to an effective user identification associated with said second application program; and
      
      changing said access permission code from first value to a second value.
  - 4. The method of claim 3 wherein said first owner name is a superuser name.
  - 5. The method of claim 3 wherein said first value of said access permission code is rw.rw.rw. and said second value of said access permission code is rw..w. . . . .
  - 6. The method of claim 3 further comprising the step of:
    - changing group ownership of said pseudo-terminal slave file from a first group name to a second group name.
  - 7. The method of claim 3 further comprising the steps of:
    - changing, coincident with a final closing of said pseudo-terminal slave file, said access permission code from said second value to said first value and said individual ownership of said pseudo-terminal slave file from said effective user identification to said first owner name.
  - 8. The method of claim 7 wherein said first owner name is a superuser name.
  - 9. The method of claim 7 wherein said first value of said access permission code is rw.rw.rw. and said second value of said access permission code is rw..w. . . . .
  - 10. The method of claim 7 further comprising the step of:
    - changing, upon a final closing of said pseudo-terminal slave file, group ownership of said pseudo-terminal slave file from a second group name to a first group name.
  - 11. The method of claim 10 wherein said second group name is defined by an implementation of said operating system.

12. In a computer system having an operating system, apparatus within a kernel of said operating system for establishing a secure pseudo-terminal link between a pseudo-terminal master device driver and an associated pseudo-terminal slave device driver, said apparatus comprising:
- means for receiving, from a first application program, a first request to open said pseudo-terminal master device driver;
  
  means for granting said first request if said pseudo-terminal master device driver and said pseudo-terminal slave device driver be presently closed, otherwise denying said first request;
  
  means for opening said pseudo-terminal master device driver whenever said first request is granted;
  
  means for receiving, from a second application program, a second request to open said pseudo-terminal slave device driver;
  
  means for granting said second request if said pseudo-terminal master device driver be presently open and a first user identification associated with said first application program which opened said pseudo-terminal master device driver be identical to a second user identification associated with said second application program presently requesting to open said pseudo-terminal slave device driver, otherwise denying said second request;
  
  means for changing, whenever said second request is granted, an access permission code and ownership of said pseudo-terminal slave device driver;
  
  means for opening, after said access permission code and ownership are changed, said pseudo-terminal slave device driver such that said pseudo-terminal master device driver and said pseudo-terminal slave device driver are connected by a secure pseudo-terminal link.
- View Dependent Claims (13, 14, 15, 16, 17, 18, 19, 20, 21)
- - 13. The apparatus of claim 12 wherein said first and second application programs are contained within a single program.
  - 14. The apparatus of claim 12 wherein said means for changing further comprises:
    - means (535) for changing individual ownership of said pseudo-terminal slave device driver from a first owner name to an effective user identification associated with said second application program; and
      
      means (535) for changing said access permission code from a first value to a second value.
  - 15. The apparatus of claim 14 wherein said first owner name is a superuser name.
  - 16. The apparatus of claim 14 wherein said first value of said access permission code is rw.rw.rw. and said second value of said access permission code is rw..w . . . .
  - 17. The apparatus of claim 14 further comprising:
    - means for changing group ownership of said pseudo-terminal slave device driver from a first group name to a second group name.
  - 18. The apparatus of claim 14 further comprising:
    - means (610) for changing, coincident with a final closing of said pseudo-terminal slave device driver, said access permission code from said second value to said first value and said individual ownership of said pseudo-terminal slave device driver from said user identification to said first owner name.
  - 19. The apparatus of claim 18 wherein said first owner name is a superuser name.
  - 20. The apparatus of claim 18 wherein said first value of said access permission code is rw.rw.rw. and said second value of said access permission code is rw..w. . . .
  - 21. The apparatus of claim 18 wherein said means for changing, upon closing said pseudo-terminal slave device driver, further changes group ownership of said pseudo-terminal slave file from a second group name to a first group name.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Case, John H., Fabish, Richard A., Distelberg, Robert J.
Primary Examiner(s)
Kriess, Kevin A.
Assistant Examiner(s)
RICHEY, MICHAEL T

Application Number

US08/009,519
Time in Patent Office

965 Days
Field of Search

395/650, 395/700
US Class Current

719/321
CPC Class Codes

G06F 9/468 Specific access rights for ...

Method and apparatus for creating secure pseudo-terminal links

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

67 Citations

21 Claims

Specification

Solutions

Use Cases

Quick Links

Method and apparatus for creating secure pseudo-terminal links

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

67 Citations

21 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links