[ViewVC] Diff of: cvs/cvsroot/libptytty/doc/libptytty.3

Comparing cvsroot/libptytty/doc/libptytty.3 (file contents):
Revision 1.3 by sf-exg, Sat Jan 21 16:17:10 2012 UTC vs.
Revision 1.4 by root, Thu Feb 25 20:21:49 2016 UTC

-.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.14)
+.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
 .de Sp \" Vertical space (when we can't use .PP)
 .if t .sp .5v
 .el\{\
 .    ds -- \|\(em\|
 .    ds PI \(*p
 .    ds L" ``
 .    ds R" ''
+.    ds C`
+.    ds C'
 'br\}
 .\"
 .\" Escape single quotes in literal strings from groff's Unicode transform.
 .ie \n(.g .ds Aq \(aq
 .el       .ds Aq '
 .\"
 .\" If the F register is turned on, we'll generate index entries on stderr for
 .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
 .\" entries marked with X<> in POD.  Of course, you'll have to process the
 .\" output yourself in some meaningful fashion.
-.ie \nF \{\
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
+..
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+.    if \nF \{
-.    de IX
+.        de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    nr % 0
+.        if !\nF==2 \{
-.    rr F
+.            nr % 0
+.            nr F 2
+.        \}
+.    \}
 .\}
-.el \{\
+.rr rF
-.    de IX
-..
-.\}
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
 .    \" fudge factors for nroff and troff
 .if n \{\
 .\}
 .rm #[ #] #H #V #F C
 .\" ========================================================================
 .\"
 .IX Title "libptytty 3"
-.TH libptytty 3 "2012-01-21" "1.6" "LIBPTYTTY"
+.TH libptytty 3 "2016-02-25" "1.8" "LIBPTYTTY"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
 .nh
 .SH "NAME"
 calling process, so in case the calling process gets compromised by the
 user starting the program there is less to gain, as only the helper
 process runs with privileges (e.g. setuid/setgid), which reduces the area
 of attack immensely.
 .PP
-Libptytty is written in \*(C+, but it also offers a C\-only \s-1API\s0.
+Libptytty is written in \*(C+, but it also offers a C\-only \s-1API.\s0
 .SH "SECURITY CONSIDERATIONS"
 .IX Header "SECURITY CONSIDERATIONS"
 \&\fI\f(BIIt is of paramount importance that you at least read the following
 paragraph!\fI\fR
 .PP
 is started, and if and how to drop privileges. For those programs, the
 methods \f(CW\*(C`ptytty::use_helper\*(C'\fR and \f(CW\*(C`ptytty::drop_privileges\*(C'\fR (and possibly
 \&\f(CW\*(C`ptytty::sanitise_stdfd\*(C'\fR) are more useful.
 .SH "\*(C+ INTERFACE: THE ptytty CLASS"
 .IX Header " INTERFACE: THE ptytty CLASS"
-.SS "\s-1STATIC\s0 \s-1METHODS\s0"
+.SS "\s-1STATIC METHODS\s0"
 .IX Subsection "STATIC METHODS"
 .IP "ptytty::init ()" 4
 .IX Item "ptytty::init ()"
 The default way to initialise libptytty. Must be called immediately as
 the first thing in the \f(CW\*(C`main\*(C'\fR function, or earlier e.g. during static
 .Sp
 This method calls \f(CW\*(C`sanitise_stdfd\*(C'\fR and then checks whether the program runs
 with setuid/setgid permissions and, if yes, spawns a helper process for
 pty/tty management. It then drops the privileges completely, so the actual
 program runs without setuid/setgid privileges.
+.Sp
+On failure, this method terminates the process.
 .IP "ptytty::use_helper ()" 4
 .IX Item "ptytty::use_helper ()"
 Tries to start a helper process that retains privileges even when the
 calling process does not. This is usually called from \f(CW\*(C`ptytty::init\*(C'\fR when
 it detects that the program is running setuid or setgid, but can be called
 running as a root-started daemon).
 .Sp
 This method will try not to start more than one helper process. The same
 helper process can usually be used both from the process starting it and
 all its fork'ed (not exec'ed) children.
+.Sp
+On failure, this method terminates the process.
 .IP "ptytty::drop_privileges ()" 4
 .IX Item "ptytty::drop_privileges ()"
-Drops privileges completely, i.e. sets real, effective and saved user id
+Drops privileges completely, i.e. sets real, effective and saved user
-to the real user id. Also aborts if this cannot be achieved. Useful to
+id to the real user id. Useful to make sure that the process doesn't
-make sure that the process doesn't run with special privileges.
+run with special privileges.
+.Sp
+On failure, this method terminates the process.
 .IP "ptytty::sanitise_stdfd ()" 4
 .IX Item "ptytty::sanitise_stdfd ()"
-Checks whether file descriptors 0, 1 and 2 (stdin, stdout and stderr) are
+Checks whether file descriptors 0, 1 and 2 (stdin, stdout and stderr)
-valid (open) and, if not, connects them to \fI/dev/tty\fR or \fI/dev/null\fR if
+are valid (open) and, if not, connects them to \fI/dev/tty\fR or
-possible (and aborts otherwise). This is necessary because libptytty might
+\&\fI/dev/null\fR if possible. This is necessary because libptytty might
-want to output error messages to those descriptors, which at the time of
+want to output error messages to those descriptors, which at the time
-outputting the error message, might be connected to something unsuitable
+of outputting the error message, might be connected to something
-opened by the unsuspecting program itself (this can be a security issue).
+unsuitable opened by the unsuspecting program itself (this can be a
+security issue).
+.Sp
+On failure, this method terminates the process.
 .IP "bool success = ptytty::send_fd (int socket, int fd)" 4
 .IX Item "bool success = ptytty::send_fd (int socket, int fd)"
 Utility method to send a file descriptor over a unix domain
 socket. Returns true if successful, false otherwise. This method is only
 exposed for your convenience and is not required for normal operation.
 Creates new ptytty object. Creation does not yet do anything besides
 allocating the structure.
 .Sp
 A static method is used because the actual ptytty implementation can
 differ at runtime, so you need a dynamic object creation facility.
-.SS "\s-1DYNAMIC/SESSION\-RELATED\s0 \s-1DATA\s0 \s-1MEMBERS\s0 \s-1AND\s0 \s-1METHODS\s0"
+.SS "\s-1DYNAMIC/SESSION\-RELATED DATA MEMBERS AND METHODS\s0"
 .IX Subsection "DYNAMIC/SESSION-RELATED DATA MEMBERS AND METHODS"
 .IP "int pty_fd = pty\->pty" 4
 .IX Item "int pty_fd = pty->pty"
 .PD 0
 .IP "int tty_fd = pty\->tty" 4
 .IX Item "int tty_fd = pty->tty"
 .PD
 These members contain the pty and tty file descriptors, respectively. They
-initially contain \f(CW\*(C`\-1\*(C'\fR until a successful to \f(CW\*(C`ptytty::get\*(C'\fR.
+initially contain \f(CW\*(C`\-1\*(C'\fR until a successful call to \f(CW\*(C`ptytty::get\*(C'\fR.
 .IP "bool success = pty\->get ()" 4
 .IX Item "bool success = pty->get ()"
 Tries to find, allocate and initialise a new pty/tty pair. Returns \f(CW\*(C`true\*(C'\fR
 when successful.
+.Sp
+If the helper process is running and there is a protocol error, this
+method terminates the process.
 .IP "pty\->login (int cmd_pid, bool login_shell, const char *hostname)" 4
 .IX Item "pty->login (int cmd_pid, bool login_shell, const char *hostname)"
 Creates an entry in the systems session database(s) (utmp, wtmp, lastlog).
 \&\f(CW\*(C`cmd_pid\*(C'\fR must be the pid of the process representing the session
 (such as the login shell), \f(CW\*(C`login_shell\*(C'\fR defines whether the session is

Diff Legend

-–
+Removed lines
-+
+Added lines
-<
+Changed lines
->
+Changed lines

Comparing cvsroot/libptytty/doc/libptytty.3 (file contents): Revision 1.3 by sf-exg, Sat Jan 21 16:17:10 2012 UTC vs. Revision 1.4 by root, Thu Feb 25 20:21:49 2016 UTC

Diff Legend

Comparing cvsroot/libptytty/doc/libptytty.3 (file contents):
Revision 1.3 by sf-exg, Sat Jan 21 16:17:10 2012 UTC vs.
Revision 1.4 by root, Thu Feb 25 20:21:49 2016 UTC