In article <200707141514.37709.lacoste@miage.univ-paris12.fr>,
Thierry Lacoste  <lacoste@miage.univ-paris12.fr> wrote:
>On Saturday 14 July 2007 14:49, David Laight wrote:
>> On Sat, Jul 14, 2007 at 01:26:24PM +0200, Thierry Lacoste wrote:
>> > Jul 12 11:42:27 vega /netbsd: set{u,g}id pid 29748 (sendmail) was invoked
>> > by uid 0 ppid 1 (init) with fd 1,2 closed
>> > Jul 12 11:42:27 vega /netbsd: set{u,g}id pid 2714 (wall) was invoked by
>> > uid 0 ppid 1889 (sh) with fd 1,2 closed
>> >
>> > What do wall and sendmail messages mean?
>>
>> They are from the kernel. Basically programs and (worse) library code
>> are likely to assume that fd 1 and 2 are connected to places they can
>> write messages to. If you start a program with them closed, then they
>> can be used for 'normal' file opens, and then writes to stdout/stderr
>> can appear in the wring place.
>> When this happens accidentally [1] is can be hard to debug, but for
>> suid programs it could be a security issue.
>> The kernel warnings are this suggesting that you fix whatever is
>> closing the fds
>Thanks David. I suspected something like this but I was not sure as this
>does not happen on other BSDs.

OpenBSD has the same code AFAIK. FreeBSD's is a bit different.

christos