Date: Tue, 23 Apr 2002 09:52:26 -0600 (MDT)
Message-Id: <20020423.095226.96600629.imp@village.org>
From: "M. Warner Losh"
To: mike@FreeBSD.org
Cc: nectar@FreeBSD.org, phk@critter.freebsd.dk, wollman@lcs.mit.edu, cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org
Subject: Re: cvs commit: src/sys/kern kern_descrip.c kern_exec.c src/sys/sys filedesc.h
In-Reply-To: <20020423114052.F72727@espresso.q9media.com>

In message: <20020423114052.F72727@espresso.q9media.com>
            Mike Barcroft writes:
: Jacques A. Vidrine writes:
: > I prefer
: >
: >     do {
: >         fd = open("/dev/null", O_RDWR);
: >         if (fd < 0)
: >             exit(1);
: >     } while (fd < 3);
: >     close(fd);
: >
: > but I've already added that to all setuid executables that will ever
: > run on FreeBSD -- even if they haven't been invented yet.
:
: Yes, at the cost of breaking conforming applications -- even if they
: haven't been invented yet.  I don't have any objections to your hack
: being left in place until the base system can be audited or even in
: the long term if it's made into a kernel option.

The "it breaks strict standards conformance" is much less important
than "users are using this standards conformance to leverage higher
privs."  You need a better argument than that if you are going to have
the changes reverted.  Sorry.

We already break standards conformance for setuid/setgid programs in a
number of subtle ways to preclude them from gaining higher privs.

Warner
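
The guard quoted in this message, written as a per-descriptor check and paired with a probe that reports which descriptor number the next open() receives. This is an added example, not code from this thread or from the FreeBSD tree; the names fill_std_fds and next_open_fd are hypothetical.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

/*
 * Hypothetical helper: make sure descriptors 0, 1 and 2 are open before
 * the program opens anything else. Returns how many slots had to be
 * filled with /dev/null, or -1 on failure.
 */
int fill_std_fds(void)
{
    int filled = 0;

    for (int fd = 0; fd <= 2; fd++) {
        /* F_GETFD fails with EBADF only when the slot is closed. */
        if (fcntl(fd, F_GETFD) != -1 || errno != EBADF)
            continue;
        int nfd = open("/dev/null", O_RDWR);
        if (nfd < 0)
            return -1;
        if (nfd != fd) {        /* lowest free slot should be this one */
            close(nfd);
            return -1;
        }
        filled++;
    }
    return filled;
}

/* Hypothetical probe: the descriptor number the next open() would get. */
int next_open_fd(void)
{
    int fd = open("/dev/null", O_RDONLY);

    if (fd >= 0)
        close(fd);
    return fd;
}

int main(void)
{
    if (fill_std_fds() < 0)
        exit(1);                /* same failure policy as the quoted loop */
    printf("next open() returns fd %d\n", next_open_fd());
    return 0;
}
```

With a standard descriptor closed and no guard, the probe returns that low number, so a file the program opens later would sit where stdio writes go; after the guard the probe always returns 3 or higher.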