Date: Thu, 18 Apr 2002 22:33:45 -0600 (MDT) From: "M. Warner Losh" <imp@village.org> To: wollman@lcs.mit.edu Cc: cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org Subject: Re: cvs commit: src/sys/kern kern_descrip.c kern_exec.c src/sys/sys filedesc.h Message-ID: <20020418.223345.74400883.imp@village.org> In-Reply-To: <200204190420.g3J4KMC69617@khavrinen.lcs.mit.edu> References: <200204190309.g3J39tE69057@khavrinen.lcs.mit.edu> <20020418.220125.06947209.imp@village.org> <200204190420.g3J4KMC69617@khavrinen.lcs.mit.edu>
next in thread | previous in thread | raw e-mail | index | archive | help
In message: <200204190420.g3J4KMC69617@khavrinen.lcs.mit.edu>
Garrett Wollman <wollman@lcs.mit.edu> writes:
: <<On Thu, 18 Apr 2002 22:01:25 -0600 (MDT), "M. Warner Losh" <imp@village.org> said:
:
: > There is no other way to fix this than in the kernel...
:
: Sure there is -- make sure that every privileged process has something
: on every fd. You could do it in csu (although from a standards
: perspective that would make no difference). Or, alternatively, rather
: than changing exec(), you could change fdalloc() to never return fd 0,
: 1, or 2 except when explicitly requested by dup2() -- although this
: would break some seriously old programs that expect to be able to do
:
: fd = open(...)
: close(1);
: dup(fd);
:
: and have it work. (These programs are broken anyway -- the Standard
: does not guarantee any particular order of fd allocation.)
True that csu would fix it, but you'd have to relink every setuid
binary to make it effective. A kernel solution doesn't have that
limitation. The solution for fdalloc may break some shells that do
depend on ordering. I don't know if any of these shells still exist,
I'll admit to being lazy and not checking, but at one time I know that
to redirect stdin, a shell would do
close(0);
open("foo");
and expect it to get fd 0. This is a variation on your theme, and is
also a standards violation, but I was under the impression that this
was a fairly wide-spread practice. Of course, I've not looked at
FreeBSD's shells to see how they do it. Hmmmm, I guess I better...
I see at least one place in the tcsh sources that do a close (0)
followed by an if (open("...",...) == -1) { error } do stuff with
stdin. Again, not standard conforming, but it does work right now.
Warner
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe cvs-all" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020418.223345.74400883.imp>