pty: add GetPtyFromFile as safer GetPty

Security-conscious callers may wish to have more control over opening
/dev/ptmx, and so GetPty is not suitable for them. Previously it was not
possible for such users to open /dev/ptmx and then use this package to
create new ptys and manage the console.

On Linux, the intended usage would be for a daemon to get an O_PATH
handle to /dev/ptmx that can then be re-opened (through procfs) to get a
new handle to /dev/ptmx. I suspect on FreeBSD you could use O_EMPTY_PATH
to accomplish something similar.

Signed-off-by: Aleksa Sarai <[email protected]>

Author: cyphar

console_test.go

@@ -54,8 +54,8 @@ func TestWinSize(t *testing.T) {
 	}
 }
 
-func TestConsolePty(t *testing.T) {
-	console, slavePath, err := NewPty()
+func testConsolePty(t *testing.T, newPty func() (Console, string, error)) {
+	console, slavePath, err := newPty()
 	if err != nil {
 		t.Fatal(err)
 	}
@@ -100,3 +100,18 @@ func TestConsolePty(t *testing.T) {
 		t.Errorf("unexpected output %q", out)
 	}
 }
+
+func TestConsolePty_NewPty(t *testing.T) {
+	testConsolePty(t, NewPty)
+}
+
+func TestConsolePty_NewPtyFromFile(t *testing.T) {
+	testConsolePty(t, func() (Console, string, error) {
+		// Equivalent to NewPty().
+		f, err := openpt()
+		if err != nil {
+			return nil, "", err
+		}
+		return NewPtyFromFile(f)
+	})
+}

console_unix.go

@@ -31,6 +31,15 @@ func NewPty() (Console, string, error) {
 	if err != nil {
 		return nil, "", err
 	}
+	return NewPtyFromFile(f)
+}
+
+// NewPtyFromFile creates a new pty pair, just like [NewPty] except that the
+// provided [os.File] is used as the master rather than automatically creating
+// a new master from /dev/ptmx. The ownership of [os.File] is passed to the
+// returned [Console], so the caller must be careful to not call Close on the
+// underlying file.
+func NewPtyFromFile(f File) (Console, string, error) {
 	slave, err := ptsname(f)
 	if err != nil {
 		return nil, "", err