Accidental PTY hijack #982

Closed
janesser opened this issue Dec 26, 2024 · 9 comments

@janesser

Describe the bug
eclipse-terminal accesses pts/0, which is held by kitty/bash in another window

  • ps shows process that is surely not from eclipse

this is an eclipse-pde setup where the resulting product also has a terminal

(environment is inside a confined snap; almost no host files injected)

To Reproduce
Steps to reproduce the behavior:

  1. Open a terminal
  2. Hit ps (some process may appear here, which doesn't belong there)
  3. Do the corresponding lsof -p XX (pts/0 can be observed here)
  4. Run other processes from either shell's end and see them appear

Expected behavior
Every terminal should acquire a distinct pts/n

Screenshots
If applicable, add screenshots to help explain your problem.

Version Information (please complete the following information):

  • OS and OS Version/extra details: ubuntu noble
  • Eclipse Version from Help -> About = 2024-12
  • CDT Version from Help -> About -> Installation Details -> Features tab = 11.6.1

Additional context
Add any other context about the problem here. For example the error log (in workspace/.metadata/.log) or for GDB interaction issues the GDB traces

P.S.: i can provide additional info as required.

@jonahgraham
Member

@janesser I think I understand the problem you are facing, but I can't reproduce it.

This is what I see, each new terminal is getting a new pts, for example:

image

Text version of above image:

$ ps
    PID TTY          TIME CMD
1267639 pts/29   00:00:00 bash
1268175 pts/29   00:00:00 ps
$ lsof -p 1267639
COMMAND     PID  USER   FD   TYPE DEVICE SIZE/OFF    NODE NAME
bash    1267639 jonah  cwd    DIR  259,5     4096 5242882 /home/jonah
bash    1267639 jonah  rtd    DIR  259,5     4096       2 /
bash    1267639 jonah  txt    REG  259,5  1446024 7340495 /usr/bin/bash
bash    1267639 jonah  mem    REG  259,5  5719296 7375236 /usr/lib/locale/locale-archive
bash    1267639 jonah  mem    REG  259,5  2125328 7349788 /usr/lib/x86_64-linux-gnu/libc.so.6
bash    1267639 jonah  mem    REG  259,5   208328 7350207 /usr/lib/x86_64-linux-gnu/libtinfo.so.6.4
bash    1267639 jonah  mem    REG  259,5    27028 7350681 /usr/lib/x86_64-linux-gnu/gconv/gconv-modules.cache
bash    1267639 jonah  mem    REG  259,5   236616 7349521 /usr/lib/x86_64-linux-gnu/ld-linux-x86-64.so.2
bash    1267639 jonah    0u   CHR 136,29      0t0      32 /dev/pts/29
bash    1267639 jonah    1u   CHR 136,29      0t0      32 /dev/pts/29
bash    1267639 jonah    2u   CHR 136,29      0t0      32 /dev/pts/29
bash    1267639 jonah  255u   CHR 136,29      0t0      32 /dev/pts/29
$ cat /etc/lsb-release 
DISTRIB_ID=Ubuntu
DISTRIB_RELEASE=24.04
DISTRIB_CODENAME=noble
DISTRIB_DESCRIPTION="Ubuntu 24.04.1 LTS"
$ 

My guess is that the confined snap is exposing the issue, but I am not sure how to set that up. Do you have any guidance on how you have set that part of your system up so I can try to replicate that?

@janesser
Author

@jonahgraham hi, i guess without interference of apparmor / snap everything is working fine.

to reproduce i guess "any shell within snap confinement has this behaviour". i can help create a minimalist snapcraft.yaml - what would be the smallest libpty scenario - is there something from the test harness available ?

can you tell how libpty knows which is the "next free available pty".
from that onwards i shall see if apparmor should let this slide or
what on the kernel-userspace side decides if it's a legit call, i.e. a shared pty (there might be scenarios where this is fun).

@jonahgraham
Member

@janesser

can help create a minimalist snapcraft.yaml

Great - but I don't know what the smallest scenario would be. If all of eclipse committers was in a snap then I could do everything.

is there something from the test harness available ?

Not that I know of. There is the ability to compile some of the C code referenced below in standalone mode, but I have never done it since I inherited this code base.

can you tell how libpty knows which is the "next free available pty".

Short version is we use getpt to open the PTY and ptsname to get the name of the slave side.

Here is the step-by-step that the code opens the terminal with (some of this you may know, just documenting to ensure I understand this code)

  1. In the UI create a new local terminal with the launch terminal button:
    image

  2. This line creates the PTY class, java side

  3. PTY calls the native code to open the master here:

    slaveInit = (ptyType != PTY_TYPE.PTY_BROKEN) ? openMaster(isConsole()) : null;

  4. The JNI code calls ptym_open here

  5. The C code uses getpt to open the PTY here

  6. Then the C code uses ptsname to get the name of the slave side.

  7. That string is what is returned to Java side and assigned to slaveInit from step 3, which ends up in the slave field

  8. Then bash is launched on that pty using exec_pty

    return spawner.exec2(cmdarray, envp, dir, chan, slave, master, isConsole());

  9. exec_pty calls exec2 in the JNI side passing the slave name

    JNIEXPORT jint JNICALL Java_org_eclipse_cdt_utils_spawner_Spawner_exec2(JNIEnv *env, jobject jobj, jobjectArray jcmd,

  10. This eventually ends up at a call to open (wrapped in ptys_open) on the slave in the child process after the fork

    fds = ptys_open(fdm, pts_name);
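
The steps above reach the slave by path name, so they depend on that name resolving to the terminal the master actually belongs to. As an added example (not CDT code and not posted by anyone in this thread), the Linux-only check below opens the slave both by name and through the TIOCGPTPEER ioctl, which needs no path lookup, and compares the two. It assumes a Linux 4.13+ kernel, and the raw ioctls stand in for getpt, unlockpt and ptsname.

```c
#include <fcntl.h>
#include <stdio.h>
#include <sys/ioctl.h>
#include <sys/stat.h>
#include <unistd.h>

#ifndef TIOCGPTPEER /* Linux >= 4.13; fallback for older headers */
#define TIOCGPTPEER _IO('T', 0x41)
#endif

enum { PEER_MATCH = 0, PEER_MISMATCH = 1, PEER_UNKNOWN = -1 };

/* Same terminal only if filesystem, inode and device number all agree. */
static int same_node(const struct stat *a, const struct stat *b) {
    return a->st_dev == b->st_dev && a->st_ino == b->st_ino && a->st_rdev == b->st_rdev;
}

/* Allocate a master, then reach its slave two ways: by the "/dev/pts/N" name
 * (the path-based open the thread's steps perform) and via TIOCGPTPEER, which
 * asks the kernel for the peer directly with no path lookup. */
static int check_pty_peer(char *name, size_t len) {
    int result = PEER_UNKNOWN, by_path = -1, by_peer = -1, unlock = 0;
    unsigned int n = 0;
    struct stat sp, sq;
    int fdm = open("/dev/ptmx", O_RDWR | O_NOCTTY);       /* getpt() */
    if (fdm < 0) return PEER_UNKNOWN;
    if (ioctl(fdm, TIOCSPTLCK, &unlock) == 0 &&           /* unlockpt() */
        ioctl(fdm, TIOCGPTN, &n) == 0) {                  /* ptsname() */
        snprintf(name, len, "/dev/pts/%u", n);
        by_path = open(name, O_RDWR | O_NOCTTY);
        by_peer = ioctl(fdm, TIOCGPTPEER, O_RDWR | O_NOCTTY);
        if (by_path >= 0 && by_peer >= 0 &&
            fstat(by_path, &sp) == 0 && fstat(by_peer, &sq) == 0)
            result = same_node(&sp, &sq) ? PEER_MATCH : PEER_MISMATCH;
    }
    if (by_path >= 0) close(by_path);
    if (by_peer >= 0) close(by_peer);
    close(fdm);
    return result;
}

int main(void) {
    char name[32] = "";
    int r = check_pty_peer(name, sizeof name);
    printf("%s: %s\n", name[0] ? name : "(no pty)",
           r == PEER_MATCH ? "name opens the master's own slave" :
           r == PEER_MISMATCH ? "name opens a different terminal" : "could not check");
    return r == PEER_MISMATCH;
}
```

A PEER_MISMATCH result means the name and the master refer to different terminals, which is the symptom this issue describes; PEER_UNKNOWN means the environment did not allow the comparison.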

@janesser
Author

Given your hints, i could figure a little better about the snapd counterpart.

Look at this here: https://github.com/canonical/snapd/blob/bc60ea499205bcb9a362c60f974f08696d5649a6/cmd/snap-confine/mount-support.c#L162

Not sure what this is doing, but it looks a little 'fancy' to me.
Naive guessing, that could isolate one snap from another, but potentially misuses ptmx causing that "hijacking" situation.

can help create a minimalist snapcraft.yaml

Great - but I don't know what the smallest scenario would be. If all of eclipse committers was in a snap then I could do everything.

you could try this one https://github.com/janesser/eclipse-snap. eclipse-pde is equivalent to eclipse committers edition. it's early-stage for the time being.

i shall raise an issue on snapd side soon. (and link here for backtracing)

@jonahgraham
Member

I spent a little while trying to make the snap using these instructions, after installing some missing tools (pipx) and adding myself to lxd group, I cannot get past a network error and have stopped now. If you enable issues or discussion on https://github.com/janesser/eclipse-snap I can add additional details, but I don't want to start putting logs for that project in this issue.

@janesser
Author

Thanks for trying.

Issues on eclipse-snap are now enabled. Either getting snapcraft operational or i'll dig into how to make the first release of it to install with snap install ...

@akurtakov
Contributor

I'm not familiar with snap but maybe https://github.com/eclipse-linuxtools/eclipse-ide-snap is relevant for you?

@jonahgraham
Member

I'm not familiar with snap but maybe https://github.com/eclipse-linuxtools/eclipse-ide-snap is relevant for you?

I did sudo snap install eclipse --classic and the eclipse that was installed did the correct thing with regard to pts.

@jonahgraham
Member

Issues on eclipse-snap are now enabled.

Filed janesser/eclipse-snap#1

@janesser janesser closed this as completed Jan 1, 2025