From owner-freebsd-questions Fri Sep 27 9:31:50 2002 Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 622AF37B401 for ; Fri, 27 Sep 2002 09:31:49 -0700 (PDT) Received: from smtp.infracaninophile.co.uk (happy-idiot-talk.infracaninophile.co.uk [81.2.69.218]) by mx1.FreeBSD.org (Postfix) with ESMTP id 42DC443E4A for ; Fri, 27 Sep 2002 09:31:48 -0700 (PDT) (envelope-from m.seaman@infracaninophile.co.uk) Received: from happy-idiot-talk.infracaninophile.co.uk (localhost [IPv6:::1]) by smtp.infracaninophile.co.uk (8.12.6/8.12.6) with ESMTP id g8RGVkC0016792; Fri, 27 Sep 2002 17:31:46 +0100 (BST) (envelope-from matthew@happy-idiot-talk.infracaninophile.co.uk) Received: (from matthew@localhost) by happy-idiot-talk.infracaninophile.co.uk (8.12.6/8.12.6/Submit) id g8RGVfC5016791; Fri, 27 Sep 2002 17:31:41 +0100 (BST) Date: Fri, 27 Sep 2002 17:31:41 +0100 From: Matthew Seaman To: Dan Langille Cc: freebsd-questions@FreeBSD.ORG Subject: Re: sendmail: File descriptors missing on startup: stderr; Bad file descriptor Message-ID: <20020927163141.GA16132@happy-idiot-talk.infracaninophi> Mail-Followup-To: Matthew Seaman , Dan Langille , freebsd-questions@FreeBSD.ORG References: <3D941EE0.5166.6FDC7551@localhost> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <3D941EE0.5166.6FDC7551@localhost> User-Agent: Mutt/1.5.1i X-Spam-Status: No, hits=-13.4 required=5.0 tests=IN_REP_TO,QUOTED_EMAIL_TEXT,REFERENCES,SPAM_PHRASE_00_01, USER_AGENT,USER_AGENT_MUTT version=2.41 Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG On Fri, Sep 27, 2002 at 09:03:28AM -0400, Dan Langille wrote: > I keep seeing this in /var/log/maillog but do not know the cause: > > sendmail[42390]: File descriptors missing on startup: stderr; Bad > file descriptor > > I'm on FreeBSD 4.6-STABLE #0: Thu Sep 26 09:02:16 EDT 2002 with > sendmail 8.12.5 > > Any ideas on cause/fix? What command line are you using to start sendmail? That error message suggests that the stderr file descriptor, which sendmail inherits from the shell where it is started, is bogus. The kernel will sanity check the standard descriptors when starting up SUID or SGID processes, and if any are closed, will open them up again on /dev/null. There was an egregious security bug exploiting that situation going the rounds a few months ago. See ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02%3A23.stdio.asc However, that was fixed before 4.6-RELEASE. Also I believe that it was never possible to attack sendmail that way because the first thing sendmail does when being started in daemon mode is to walk through it's filedescriptor table and close them all down. The standard 0, 1, 2 descriptors are then immediately re-opened onto /dev/null. That's something that should be standard procedure for starting up any daemonized process and it is built into the daemon(3) function. Cheers, Matthew -- Dr Matthew J Seaman MA, D.Phil. 26 The Paddocks Savill Way Marlow Tel: +44 1628 476614 Bucks., SL7 1TH UK To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message