Bugtraq mailing list archives
Re: FreeBSD Security Advisory FreeBSD-SA-02:23.stdio
From: "Steven M. Bellovin" <smb () research att com>
Date: Mon, 22 Apr 2002 18:30:25 -0400
It's amazing that this has taken so long to resurface. This is an ancient bug -- see, for example, Henry Spencer's suid man page from 1987 (http://groups.google.com/groups?q=checklist+security+setuid+-linux+group:alt.security&hl=en&scoring=r&selm=1991May14.101450.830%40convex.com&rnum=1 quotes it). The document notes, among other pieces of sage advice, the following: One or more of the standard descriptors might be closed, so that an opened file might get (say) descriptor 1, causing chaos if the program tries to do a .IR printf . I seem to recall the same suggestion in an early document by Jim Ellis and (I think) Tom Truscott, but I can't find a copy at the moment. --Steve Bellovin, http://www.research.att.com/~smb Full text of "Firewalls" book now at http://www.wilyhacker.com
Current thread:
- FreeBSD Security Advisory FreeBSD-SA-02:23.stdio FreeBSD Security Advisories (Apr 22)
- Re: FreeBSD Security Advisory FreeBSD-SA-02:23.stdio bert hubert (Apr 22)
- Re: FreeBSD Security Advisory FreeBSD-SA-02:23.stdio Theo de Raadt (Apr 22)
- <Possible follow-ups>
- Re: FreeBSD Security Advisory FreeBSD-SA-02:23.stdio Steven M. Bellovin (Apr 23)
- trusting user-supplied data (was Re: FreeBSD Security Advisory FreeBSD-SA-02:23.stdio) James Ralston (Apr 24)