> Alan Cox actually is the first person who highlighted this sort of
> vulnerability to me. Does anyone know if the OpenBSD approach is

I'm certainly not its discoverer however.

> suid/sgid program bogus stdin/stdout/stderr)? Also, is a similar patch
> in the works for Linux? (I ask, because I'm a Linux user myself.)

Someone was working on one yes

> And, is there any overwhelming reason why you wouldn't make the same
> guarantee that fd's 0..2 are open for all processes, rather than just
> suid/sgid processes?

Actually for the general case you shouldn't do it. Passing a closed fd is valid Unix behaviour, so you cease to really be "unix" by doing it. Obviously there are sometimes advantages to not following unix tradition totally
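Added example, not part of the original message and not the OpenBSD or Linux patch: a userland check a suid/sgid program can run first thing in main(), so that a later open() cannot be handed descriptor 0, 1 or 2 when the caller started it with one of them closed. The function name ensure_std_fds and the choice of /dev/null as filler are assumptions of this example.

```c
#include <errno.h>
#include <fcntl.h>
#include <unistd.h>

/*
 * Make sure descriptors 0, 1 and 2 are all open before the program
 * opens anything else. Any that the parent left closed is pointed at
 * /dev/null. Returns the number of descriptors filled in (0..3), or
 * -1 on error. Intended to run before any threads exist.
 */
int ensure_std_fds(void)
{
    int filled = 0;

    for (int fd = 0; fd <= 2; fd++) {
        if (fcntl(fd, F_GETFD) != -1)
            continue;                 /* already open, leave it alone */
        if (errno != EBADF)
            return -1;                /* unexpected failure */

        /*
         * open() returns the lowest unused descriptor. Everything
         * below fd is known to be open, so the result must be fd.
         */
        int nfd = open("/dev/null", O_RDWR);
        if (nfd == -1)
            return -1;
        if (nfd != fd) {              /* only possible if fds changed under us */
            close(nfd);
            return -1;
        }
        filled++;
    }
    return filled;
}

int main(void)
{
    /* No message on failure: stderr may be the descriptor that is missing. */
    if (ensure_std_fds() == -1)
        _exit(127);

    /* ... privileged work starts here; any open() now returns 3 or higher ... */
    return 0;
}
```
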
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:10:59 PDT