Subject: Re: forkexec(2)
To: Ignatios Souvatzis <ignatios@theory.cs.uni-bonn.de>
From: Todd Vierling <tv@NetBSD.ORG>
List: tech-kern
Date: 04/13/1998 09:06:34
On Mon, 13 Apr 1998, Ignatios Souvatzis wrote:
: You need something like:
:
: /* save my versions */
: savestdin = dup(0);
: /* open childs versions */
: close(0);
: open(what I want to be at stdin in the child);
: callexec();
"Security problem." What is stopping the child program from arbitrarily
reading from the file descriptors dup()ed above? "Oh, we need to restrict
forkexec() to only pass descriptors 0-2." ick.
: /* restore my versions */
: close(0); dup(savestdin);
dup2(0, savestdin); close(savestdin); -- I assume you mean. :>
--
-- Todd Vierling (Personal tv@pobox.com; Bus. todd_vierling@xn.xerox.com)