[7502] in bugtraq
Re: FD's 0..2 and suid/sgid procs (Was: Crash a redhat 5.1 linux
daemon@ATHENA.MIT.EDU (Alan Cox)
Thu Jul 30 17:17:06 1998
Date: Thu, 30 Jul 1998 18:41:28 +0100
Reply-To: Alan Cox <alan@LXORGUK.UKUU.ORG.UK>
From: Alan Cox <alan@LXORGUK.UKUU.ORG.UK>
X-To: j-zbiciak1@ti.com
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To: <199807300002.TAA13131@asterix> from "Joe Zbiciak" at Jul 29,
98 07:02:33 pm
> Alan Cox actually is the first person who highlighted this sort of
> vulnerability to me. Does anyone know if the OpenBSD approach is
Im certainly not its discoverer however.
> suid/sgid program bogus stdin/stdout/stderr)? Also, is a similar patch
> in the works for Linux? (I ask, because I'm a Linux user myself.)
Someone was working on one yes
> And, is there any overwhelming reason why you wouldn't make the same
> guarantee that fd's 0..2 are open for all processes, rather than just
> suid/sgid processes?
Actually for the general case you shouldnt do it. Passing a closed fd
is valid Unix behaviour, so you cease to really be "unix" by doing it.
Obviously there are sometimes advantages to not following unix tradition
totally
