From owner-cvs-all  Mon Apr 22 13:32:26 2002
Delivered-To: cvs-all@freebsd.org
Received: from rover.village.org (rover.bsdimp.com [204.144.255.66])
	by hub.freebsd.org (Postfix) with ESMTP
	id CC49037B638; Mon, 22 Apr 2002 13:31:50 -0700 (PDT)
Received: from harmony.village.org (harmony.village.org [10.0.0.6])
	by rover.village.org (8.11.3/8.11.3) with ESMTP id g3MKU7H72764;
	Mon, 22 Apr 2002 14:30:07 -0600 (MDT)
	(envelope-from imp@village.org)
Received: from localhost (warner@rover2.village.org [10.0.0.1])
	by harmony.village.org (8.11.6/8.11.6) with ESMTP id g3MKTtb20200;
	Mon, 22 Apr 2002 14:29:56 -0600 (MDT)
	(envelope-from imp@village.org)
Date: Mon, 22 Apr 2002 14:29:31 -0600 (MDT)
Message-Id: <20020422.142931.00009329.imp@village.org>
To: mike@FreeBSD.org
Cc: wollman@lcs.mit.edu, cvs-committers@FreeBSD.org,
	cvs-all@FreeBSD.org
Subject: Re: cvs commit: src/sys/kern kern_descrip.c kern_exec.c
 src/sys/sys filedesc.h
From: "M. Warner Losh" <imp@village.org>
In-Reply-To: <20020422160742.B8421@espresso.q9media.com>
References: <20020418.220125.06947209.imp@village.org>
	<200204190420.g3J4KMC69617@khavrinen.lcs.mit.edu>
	<20020422160742.B8421@espresso.q9media.com>
X-Mailer: Mew version 2.1 on Emacs 21.1 / Mule 5.0 (SAKAKI)
Mime-Version: 1.0
Content-Type: Text/Plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-cvs-all@FreeBSD.ORG
Precedence: bulk
List-ID: <cvs-all.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20cvs-all>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20cvs-all>
X-Loop: FreeBSD.ORG

In message: <20020422160742.B8421@espresso.q9media.com>
            Mike Barcroft <mike@FreeBSD.org> writes:
: I agree that the current solution to this problem is wrong.  I think
: the most correct solution would be to fix each set[ug]id program to
: ensure that it has a working set of the basic std{in,out,err}
: descriptors by making a series of fstat() calls and watching for a
: EBADF.

There are too many of them that don't do this, and more being added to
the tree all the time, esp in ports.  There was a port that caused
this issue to boil up to the top of the list.  Until such time as we
can guarnatee that all such setuid programs are perfect, we should
adopt a defensive posture.

Warner

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe cvs-all" in the body of the message