Subject: Re: Ensuring set{g,u}id processes have fd 0, 1, & 2 allocated.
To: David Brownlee <>
From: Thor Lancelot Simon <>
List: tech-kern
Date: 01/10/1999 16:17:47
On Sun, Jan 10, 1999 at 11:56:25AM -0800, David Brownlee wrote:
> 	OpenBSD does this in kern_exec.c
> 	this avoids attacks that involve closing one or more of fd{0,1,2}
> 	and running a setuid program that opens a filedescriptor for
> 	any reason then	tries to use one of the standard descriptors.
> 	The other approach would be to modify every set{g,u}id program
> 	to exit if any of the three descriptors are closed.
> 	Would anyone object if the above patch was added to NetBSD?

I suspect it may violate POSIX, but failing that, no.