Date: Fri, 19 Apr 2002 03:26:11 +0000 From: "J. Mallett" <jmallett@FreeBSD.ORG> To: Garance A Drosihn <drosih@rpi.edu> Cc: Garrett Wollman <wollman@lcs.mit.edu>, Jacques Vidrine <nectar@FreeBSD.org>, cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org Subject: Re: cvs commit: src/sys/kern kern_descrip.c kern_exec.c src/sys/sys filedesc.h Message-ID: <20020419032610.GG30498@FreeBSD.ORG> In-Reply-To: <p05111709b8e53bfd88f7@[128.113.24.47]> References: <200204190045.g3J0jUY59526@freefall.freebsd.org> <200204190309.g3J39tE69057@khavrinen.lcs.mit.edu> <p05111709b8e53bfd88f7@[128.113.24.47]>
next in thread | previous in thread | raw e-mail | index | archive | help
On Thu, Apr 18, 2002 at 11:16:45PM -0400, Garance A Drosihn wrote: > At 11:09 PM -0400 4/18/02, Garrett Wollman wrote: > ><<On Thu, 18 Apr 2002 17:45:30 -0700 (PDT), Jacques Vidrine > ><nectar@FreeBSD.org> said: > > > > > When exec'ing a set[ug]id program, make sure that the stdio > > > file descriptors (0, 1, 2) are allocated by opening /dev/null > > > for any which are not already open. > > > ><>shudder<> > > > >This seems completely and utterly broken to me. > > I don't see how it would break anything, although I'm not > sure why this is something that needs to be done for set[ug]id > programs and not for others? Is this trying to avoid error > conditions that would pull the rug out from under such a > program "at a bad time"? > If you know the codepath of a program, you can close a number of file descriptors, and ones specifically for reading or writing, and without fail cause corruption of a file, dump information of your choice into a file, or cause information to be incorrectly read from a file. I can give you specific examples of how this could be abused, but it doesn't really take much imagination. -- jmallett@FreeBSD.org | C, MIPS, POSIX, UNIX, BSD, IRC Geek. http://www.FreeBSD.org | The Power to Serve "We all need mirrors to remind ourselves who we are -- I'm no different." To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe cvs-all" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020419032610.GG30498>