Skip site navigation (1)Skip section navigation (2) 
Date:      Thu, 18 Apr 2002 22:33:45 -0600 (MDT)
From:      "M. Warner Losh" <imp@village.org>
To:        wollman@lcs.mit.edu
Cc:        cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org
Subject:   Re: cvs commit: src/sys/kern kern_descrip.c kern_exec.c src/sys/sys filedesc.h
Message-ID:  <20020418.223345.74400883.imp@village.org>
In-Reply-To: <200204190420.g3J4KMC69617@khavrinen.lcs.mit.edu>
References:  <200204190309.g3J39tE69057@khavrinen.lcs.mit.edu> <20020418.220125.06947209.imp@village.org> <200204190420.g3J4KMC69617@khavrinen.lcs.mit.edu>
next in thread | previous in thread | raw e-mail | index | archive | help 
In message: <200204190420.g3J4KMC69617@khavrinen.lcs.mit.edu>
            Garrett Wollman <wollman@lcs.mit.edu> writes:
: <<On Thu, 18 Apr 2002 22:01:25 -0600 (MDT), "M. Warner Losh" <imp@village.org> said:
: 
: > There is no other way to fix this than in the kernel...
: 
: Sure there is -- make sure that every privileged process has something
: on every fd.  You could do it in csu (although from a standards
: perspective that would make no difference).  Or, alternatively, rather
: than changing exec(), you could change fdalloc() to never return fd 0,
: 1, or 2 except when explicitly requested by dup2() -- although this
: would break some seriously old programs that expect to be able to do
: 
: 	fd = open(...)
: 	close(1);
: 	dup(fd);
: 
: and have it work.  (These programs are broken anyway -- the Standard
: does not guarantee any particular order of fd allocation.)

True that csu would fix it, but you'd have to relink every setuid
binary to make it effective.  A kernel solution doesn't have that
limitation.  The solution for fdalloc may break some shells that do
depend on ordering.  I don't know if any of these shells still exist,
I'll admit to being lazy and not checking, but at one time I know that
to redirect stdin, a shell would do

	close(0);
	open("foo");

and expect it to get fd 0.  This is a variation on your theme, and is
also a standards violation, but I was under the impression that this
was a fairly wide-spread practice.  Of course, I've not looked at
FreeBSD's shells to see how they do it.  Hmmmm, I guess I better...

I see at least one place in the tcsh sources that do a close (0)
followed by an if (open("...",...) == -1) { error } do stuff with
stdin.  Again, not standard conforming, but it does work right now.

Warner

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe cvs-all" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020418.223345.74400883.imp>