Re: FD's 0..2 and suid/sgid procs (Was: Crash a redhat 5.1 linux

From: Alan Cox (alanat_private)
Date: Thu Jul 30 1998 - 10:41:28 PDT

Next message: James Youngman: "Re: Possible root exploit in Linux povray"

Previous message: Alan Brown: "Re: Eudora exploit (was Microsoft Security Bulletin (MS98-008))"
Next in thread: Pavel Kankovsky: "Re: FD's 0..2 and suid/sgid procs (Was: Crash a redhat 5.1 linux"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

> Alan Cox actually is the first person who highlighted this sort of
> vulnerability to me.  Does anyone know if the OpenBSD approach is

Im certainly not its discoverer however.

> suid/sgid program bogus stdin/stdout/stderr)?  Also, is a similar patch
> in the works for Linux?  (I ask, because I'm a Linux user myself.)

Someone was working on one yes

> And, is there any overwhelming reason why you wouldn't make the same
> guarantee that fd's 0..2 are open for all processes, rather than just
> suid/sgid processes?

Actually for the general case you shouldnt do it. Passing a closed fd
is valid Unix behaviour, so you cease to really be "unix" by doing it.

Obviously there are sometimes advantages to not following unix tradition
totally

Next message: James Youngman: "Re: Possible root exploit in Linux povray"
Previous message: Alan Brown: "Re: Eudora exploit (was Microsoft Security Bulletin (MS98-008))"
Next in thread: Pavel Kankovsky: "Re: FD's 0..2 and suid/sgid procs (Was: Crash a redhat 5.1 linux"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:10:59 PDT