Subject: Re: forkexec(2)
To: Ignatios Souvatzis <ignatios@theory.cs.uni-bonn.de>
From: Todd Vierling <tv@NetBSD.ORG>
List: tech-kern
Date: 04/13/1998 09:06:34
On Mon, 13 Apr 1998, Ignatios Souvatzis wrote:

: You need something like:
: 
: /* save my versions */
: savestdin = dup(0);

: /* open childs versions */
: close(0);
: open(what I want to be at stdin in the child);

: callexec();

"Security problem."  What is stopping the child program from arbitrarily
reading from the file descriptors dup()ed above?  "Oh, we need to restrict
forkexec() to only pass descriptors 0-2."  ick.

: /* restore my versions */
: close(0); dup(savestdin);

dup2(0, savestdin); close(savestdin); -- I assume you mean.  :>

-- 
-- Todd Vierling (Personal tv@pobox.com; Bus. todd_vierling@xn.xerox.com)