Subject: Re: poll(2) oddity
To: None <>
From: der Mouse <mouse@Rodents.Montreal.QC.CA>
List: tech-userlevel
Date: 07/08/2002 08:50:27
> Given that some programs close all high numbered fds, I'm sure there
> is a lurking security issue if you set rlimit(NO_FILES) to below one
> of their open files - since it won't get closed.

> OTOH I haven't spotted anything useful (yet).

I have actually (ab)used that.  I had a program that did the
close-all-open-files thing, but wanted to sneak SSH_AUTHENTICATION_FD
past it.  So I diddled ssh_agent to put the fd high up, and then set
rlimit(NOFILE) lower than that.

Of course, several people will doubtless explain why this was a wrong
answer, for whatever value of 'wrong", but it did what I wanted at the
time, which makes it right in some pragmatic sense....

/~\ The ASCII				der Mouse
\ / Ribbon Campaign
 X  Against HTML
/ \ Email!	     7D C8 61 52 5D E7 2D 39  4E F1 31 3E E8 B3 27 4B