Subject: Ensuring set{g,u}id processes have fd 0, 1, & 2 allocated.
To: None <>
From: David Brownlee <>
List: tech-security
Date: 01/10/1999 11:56:25
	OpenBSD does this in kern_exec.c

	This avoids attacks that involve closing one or more of fd{0,1,2}
	and running a setuid program that opens a file descriptor for
	any reason then tries to use one of the standard descriptors.

	The other approach would be to modify every set{g,u}id program
	to exit if any of the three descriptors are closed.

	Would anyone object if the above patch was added to NetBSD?


.---- I've been too drunk to love ----.-- I've been too drunk to remember -.
|          too drunk to care          |    the hell of the night before    |
|  looked like death, felt like hell  |   I've been drinking myself blind  |
`------ been the worse for wear ------'-- and still I'll drink some more --'
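
The per-program check mentioned in the message, together with the descriptor reuse it guards against, as an added example (not part of the original post and not the OpenBSD or NetBSD kernel code). The function names, the GUARD_EXIT code and the use of /dev/null as a stand-in file are assumptions made for illustration.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

#define GUARD_EXIT 111  /* constructed exit code: startup check refused to run */

/* Bitmask of standard descriptors that are not open (bit n set = fd n closed). */
int closed_std_fds(void) {
    int mask = 0;
    for (int fd = 0; fd <= 2; fd++)
        if (fcntl(fd, F_GETFD) == -1 && errno == EBADF)
            mask |= 1 << fd;
    return mask;
}

/* Fill any closed standard descriptor with /dev/null; 0 on success, -1 on error. */
int fill_std_fds(void) {
    while (closed_std_fds() != 0) {
        int fd = open("/dev/null", O_RDWR); /* open() returns the lowest free fd */
        if (fd == -1) return -1;
    }
    return 0;
}

/* Constructed demo, run in a child: start with fd `victim` closed, the state the
 * message describes, then open a file. Returns the fd open() handed out, or
 * GUARD_EXIT if `guarded` is set and the startup check refused to continue. */
int open_with_fd_closed(int victim, int guarded) {
    pid_t pid = fork();
    if (pid == -1) return -1;
    if (pid == 0) {
        if (fill_std_fds() == -1) _exit(100);  /* known-good starting state */
        close(victim);
        if (guarded && closed_std_fds() != 0) _exit(GUARD_EXIT);
        int got = open("/dev/null", O_WRONLY); /* stands in for a sensitive file */
        _exit(got == -1 ? 100 : got);
    }
    int status;
    if (waitpid(pid, &status, 0) == -1 || !WIFEXITED(status)) return -1;
    return WEXITSTATUS(status);
}

int main(void) {
    if (closed_std_fds() != 0) return 1; /* the check a set{g,u}id program would do first */
    printf("unguarded: file opened on fd %d\n", open_with_fd_closed(2, 0));
    printf("guarded:   exit code %d\n", open_with_fd_closed(2, 1));
    return 0;
}
```

In the unguarded run the newly opened file lands on fd 2, so anything the program later writes to stderr would go into that file; the guarded run exits before opening it.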