> Topic: insecure handling of stdio file descriptors They didn't say so, but this work was obviously based on: RCS file: /cvs/src/sys/kern/kern_exec.c,v ... revision 1.20 date: 1998/07/02 08:53:04; author: deraadt; state: Exp; lines: +38 -1 for sugid procs ensure that fd 0-2 are allocated slots (by pointing at /dev/null -- future patch will use a dead vnode of some sort) to prevent reuse (ie. new allocations) of these fd which libc makes many assumptions about; problem noted by James Youngman
This archive was generated by hypermail 2b30 : Mon Apr 22 2002 - 14:36:58 PDT