Subject: Re: navigator 4.79 with 1.6B/i386
To: Wojciech Puchar <wojtek@chylonia.3miasto.net>
From: Steven M. Bellovin <smb@research.att.com>
List: netbsd-users
Date: 06/12/2002 08:01:23
In message <Pine.NEB.4.33.0206120630420.21372-100000@chylonia.3miasto.net>, Woj
ciech Puchar writes:
>this goes to log when starting navigator:
>
>Jun 12 06:30:25 chylonia /netbsd: set{u,g}id pid 21212 (netstat) was
>invoked by uid 1000 ppid 21120 (netscape) with fd 0 closed
>
>then all works fine.
>
>what does it mean?
>
>
To avoid some ancient security attacks, the kernel was modified 
(hacked?) to ensure that when a set[ug]id program is executed, fd 0, 1, 
and 2 are open.  If they're closed, the kernel forces an open to /dev/null.
In this case, Netscape is invoking netstat (I'm not sure why it 
wants to, but I haven't groveled through the Mozilla source, and does 
the same thing), and has those file descriptors closed.  Nothing to 
worry about in this case, and arguably not worth a console message.

		--Steve Bellovin, http://www.research.att.com/~smb (me)
		http://www.wilyhacker.com ("Firewalls" book)