From owner-cvs-all  Tue Apr 23  0: 1:27 2002
Delivered-To: cvs-all@freebsd.org
Received: from espresso.q9media.com (espresso.q9media.com [216.254.138.122])
	by hub.freebsd.org (Postfix) with ESMTP
	id BE90637B400; Tue, 23 Apr 2002 00:01:16 -0700 (PDT)
Received: (from mike@localhost)
	by espresso.q9media.com (8.11.6/8.11.6) id g3MK7gT72720;
	Mon, 22 Apr 2002 16:07:42 -0400 (EDT)
	(envelope-from mike)
Date: Mon, 22 Apr 2002 16:07:42 -0400
From: Mike Barcroft <mike@FreeBSD.ORG>
To: Garrett Wollman <wollman@lcs.mit.edu>
Cc: "M. Warner Losh" <imp@village.org>, cvs-committers@FreeBSD.ORG,
	cvs-all@FreeBSD.ORG
Subject: Re: cvs commit: src/sys/kern kern_descrip.c kern_exec.c src/sys/sys filedesc.h
Message-ID: <20020422160742.B8421@espresso.q9media.com>
References: <200204190045.g3J0jUY59526@freefall.freebsd.org> <200204190309.g3J39tE69057@khavrinen.lcs.mit.edu> <20020418.220125.06947209.imp@village.org> <200204190420.g3J4KMC69617@khavrinen.lcs.mit.edu>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <200204190420.g3J4KMC69617@khavrinen.lcs.mit.edu>; from wollman@lcs.mit.edu on Fri, Apr 19, 2002 at 12:20:22AM -0400
Organization: The FreeBSD Project
Sender: owner-cvs-all@FreeBSD.ORG
Precedence: bulk
List-ID: <cvs-all.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20cvs-all>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20cvs-all>
X-Loop: FreeBSD.ORG

[Sorry for the late reply.]

Garrett Wollman <wollman@lcs.mit.edu> writes:
> <<On Thu, 18 Apr 2002 22:01:25 -0600 (MDT), "M. Warner Losh" <imp@village.org> said:
> 
> > There is no other way to fix this than in the kernel...
> 
> Sure there is -- make sure that every privileged process has something
> on every fd.  You could do it in csu (although from a standards
> perspective that would make no difference).  Or, alternatively, rather
> than changing exec(), you could change fdalloc() to never return fd 0,
> 1, or 2 except when explicitly requested by dup2() -- although this
> would break some seriously old programs that expect to be able to do
> 
> 	fd = open(...)
> 	close(1);
> 	dup(fd);
> 
> and have it work.  (These programs are broken anyway -- the Standard
> does not guarantee any particular order of fd allocation.)

I agree that the current solution to this problem is wrong.  I think
the most correct solution would be to fix each set[ug]id program to
ensure that it has a working set of the basic std{in,out,err}
descriptors by making a series of fstat() calls and watching for a
EBADF.

Best regards,
Mike Barcroft

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe cvs-all" in the body of the message