Subject: Re: apcupsd and wall+sendmail
To: Thierry Lacoste <lacoste@miage.univ-paris12.fr>
From: David Laight <david@l8s.co.uk>
List: netbsd-help
Date: 07/14/2007 13:49:21

On Sat, Jul 14, 2007 at 01:26:24PM +0200, Thierry Lacoste wrote:
> Jul 12 11:42:27 vega /netbsd: set{u,g}id pid 29748 (sendmail) was invoked by 
> uid 0 ppid 1 (init) with fd 1,2 closed
> Jul 12 11:42:27 vega /netbsd: set{u,g}id pid 2714 (wall) was invoked by uid 0 
> ppid 1889 (sh) with fd 1,2 closed
> 
> What do wall and sendmail messages mean?

They are from the kernel. Basically programs and (worse) library code
are likely to assume that fd 1 and 2 are connected to places they can
write messages to. If you start a program with them closed, then they
can be used for 'normal' file opens, and then writes to stdout/stderr
can appear in the wrong place.
When this happens accidentally [1] it can be hard to debug, but for
suid programs it could be a security issue.
The kernel warnings are thus suggesting that you fix whatever is
closing the fds - often best to open /dev/null onto them instead.

	David

[1] we had some code that did printf() instead of sprintf(), no one
noticed the incorrect log file entry, but eventually the stdio buffer
filled and a chunk of data got written to a pipe fd used for IPC.

-- 
David Laight: david@l8s.co.uk
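
The remedy suggested in the reply above (opening /dev/null onto closed standard descriptors), sketched in C as an added example; it is not code from the original message, from apcupsd or from NetBSD. The function name `ensure_std_fds` and the small wrapper `main` that repairs the descriptors before exec'ing a command are hypothetical.

```c
#include <errno.h>
#include <fcntl.h>
#include <unistd.h>

/*
 * Make sure fds 0, 1 and 2 are open before any other file is opened.
 * A closed slot is filled with /dev/null, so a later open() or pipe()
 * cannot be handed fd 1 or 2 and then receive stray stdout/stderr writes.
 * Returns the number of descriptors repaired, or -1 on error.
 */
int ensure_std_fds(void)
{
    int repaired = 0;

    for (int fd = 0; fd <= 2; fd++) {
        /* F_GETFD fails with EBADF only when the descriptor is closed */
        if (fcntl(fd, F_GETFD) != -1 || errno != EBADF)
            continue;

        /* stdin reads EOF from /dev/null; stdout/stderr discard writes */
        int nfd = open("/dev/null", fd == 0 ? O_RDONLY : O_WRONLY);
        if (nfd == -1)
            return -1;

        /* open() returns the lowest free fd, normally fd itself;
         * handle the other case defensively. */
        if (nfd != fd) {
            if (dup2(nfd, fd) == -1) {
                close(nfd);
                return -1;
            }
            close(nfd);
        }
        repaired++;
    }
    return repaired;
}

/* Hypothetical wrapper: repair the descriptors, then run the command. */
int main(int argc, char **argv)
{
    if (ensure_std_fds() == -1)
        return 111;             /* could not open /dev/null */
    if (argc < 2)
        return 0;
    execvp(argv[1], argv + 1);
    return 127;                 /* exec failed */
}
```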