Date: Thu, 18 Apr 2002 22:33:45 -0600 (MDT)
Message-Id: <20020418.223345.74400883.imp@village.org>
To: wollman@lcs.mit.edu
Cc: cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org
Subject: Re: cvs commit: src/sys/kern kern_descrip.c kern_exec.c src/sys/sys filedesc.h
From: "M. Warner Losh"
In-Reply-To: <200204190420.g3J4KMC69617@khavrinen.lcs.mit.edu>
References: <200204190309.g3J39tE69057@khavrinen.lcs.mit.edu> <20020418.220125.06947209.imp@village.org> <200204190420.g3J4KMC69617@khavrinen.lcs.mit.edu>

In message: <200204190420.g3J4KMC69617@khavrinen.lcs.mit.edu>
            Garrett Wollman writes:
: < said:
:
: > There is no other way to fix this than in the kernel...
:
: Sure there is -- make sure that every privileged process has something
: on every fd.  You could do it in csu (although from a standards
: perspective that would make no difference).  Or, alternatively, rather
: than changing exec(), you could change fdalloc() to never return fd 0,
: 1, or 2 except when explicitly requested by dup2() -- although this
: would break some seriously old programs that expect to be able to do
:
:     fd = open(...)
:     close(1);
:     dup(fd);
:
: and have it work.  (These programs are broken anyway -- the Standard
: does not guarantee any particular order of fd allocation.)

True that csu would fix it, but you'd have to relink every setuid
binary to make it effective.  A kernel solution doesn't have that
limitation.

The solution for fdalloc may break some shells that do depend on
ordering.  I don't know if any of these shells still exist, I'll admit
to being lazy and not checking, but at one time I know that to
redirect stdin, a shell would do

    close(0);
    open("foo");

and expect it to get fd 0.  This is a variation on your theme, and is
also a standards violation, but I was under the impression that this
was a fairly wide-spread practice.  Of course, I've not looked at
FreeBSD's shells to see how they do it.  Hmmmm, I guess I better...

I see at least one place in the tcsh sources that do a

    close (0)

followed by an

    if (open("...",...) == -1) { error }
    do stuff with stdin.

Again, not standard conforming, but it does work right now.

Warner
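
An added example, not part of the original message and not FreeBSD code: a userland version of the check Wollman describes ("make sure that every privileged process has something on every fd"), written as a function a set-uid program could call at the top of main() before it opens any file. The function names and the choice of /dev/null as the filler are assumptions of this example.

```c
#include <errno.h>
#include <fcntl.h>
#include <unistd.h>

/* Returns 1 if fd refers to an open descriptor, 0 if it is closed. */
int fd_is_open(int fd)
{
    return fcntl(fd, F_GETFD) != -1 || errno != EBADF;
}

/*
 * Make sure descriptors 0, 1 and 2 are all open, pointing any closed one
 * at /dev/null (assumed filler).  Returns the number of descriptors that
 * had to be filled, or -1 on error.
 */
int sanitize_std_fds(void)
{
    int filled = 0;

    for (int fd = 0; fd <= 2; fd++) {
        if (fd_is_open(fd))
            continue;

        int nullfd = open("/dev/null", O_RDWR);
        if (nullfd == -1)
            return -1;
        /* Place it with dup2() instead of trusting allocation order. */
        if (nullfd != fd) {
            if (dup2(nullfd, fd) == -1) {
                close(nullfd);
                return -1;
            }
            close(nullfd);
        }
        filled++;
    }
    return filled;
}

int main(void)
{
    /* Constructed scenario: the parent exec'd us with stdout closed. */
    close(1);
    int n = sanitize_std_fds();
    return n == 1 ? 0 : 1;   /* exactly one descriptor needed filling */
}
```

As the reply points out, a check like this only protects binaries that are rebuilt to include it, which is the limitation the kernel-side change does not have.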