Subject: Re: Ensuring set{g,u}id processes have fd 0, 1, & 2 allocated.
To: None <>
From: Christoph Badura <>
List: tech-kern
Date: 01/14/1999 20:52:30 (Thor Lancelot Simon) writes:
>On Sun, Jan 10, 1999 at 11:56:25AM -0800, David Brownlee wrote:
>> 	OpenBSD does this in kern_exec.c
>> 	this avoids attacks that involve closing one or more of fd{0,1,2}
>> 	and running a setuid program that opens a filedescriptor for
>> 	any reason then	tries to use one of the standard descriptors.

Avoids is probably too strong a word.  It is not hard to come up with a number
of szenarios where this code (up to rev 1.25 of that file) will fail silently.
Perhaps a better method could be devised instead of this incomplete hack.

Christoph Badura

Probleme mit Linux?  Versuch NetBSD!
Problems with Linux?  Try NetBSD!