Date: Tue, 23 Apr 2002 09:52:26 -0600 (MDT) From: "M. Warner Losh" <imp@village.org> To: mike@FreeBSD.org Cc: nectar@FreeBSD.org, phk@critter.freebsd.dk, wollman@lcs.mit.edu, cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org Subject: Re: cvs commit: src/sys/kern kern_descrip.c kern_exec.c src/sys/sys filedesc.h Message-ID: <20020423.095226.96600629.imp@village.org> In-Reply-To: <20020423114052.F72727@espresso.q9media.com> References: <20020423104722.D72727@espresso.q9media.com> <20020423152003.GB28750@madman.nectar.cc> <20020423114052.F72727@espresso.q9media.com>
next in thread | previous in thread | raw e-mail | index | archive | help
In message: <20020423114052.F72727@espresso.q9media.com>
Mike Barcroft <mike@FreeBSD.org> writes:
: Jacques A. Vidrine <nectar@FreeBSD.org> writes:
: > I prefer
: >
: > do {
: > fd = open("/dev/null", O_RDWR);
: > if (fd < 0)
: > exit(1);
: > } while (fd < 3);
: > close(fd);
: >
: > but I've already added that to all setuid executables that will ever
: > run on FreeBSD -- even if they haven't been invented yet.
:
: Yes, at the cost of breaking conforming applications -- even if they
: haven't been invented yet. I don't have any objections to your hack
: being left in place until the base system can be audited or even in
: the long term if its made into a kernel option.
The "it breaks strict standards conformance" is much less important
than "users are using this standards conformance to leverage higher
privs." You need a better argument than that if you are going to have
the changes reverted. Sorry. We already break standards conformance
for setuid/setgid programs in a number of subtle ways to preclude them
from gaining higher privs.
Warner
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe cvs-all" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020423.095226.96600629.imp>