Bugtraq mailing list archives

Re: FD's 0..2 and suid/sgid procs (Was: Crash a redhat 5.1 linux

From: alan () LXORGUK UKUU ORG UK (Alan Cox)
Date: Thu, 30 Jul 1998 18:41:28 +0100

Alan Cox actually is the first person who highlighted this sort of
vulnerability to me.  Does anyone know if the OpenBSD approach is


Im certainly not its discoverer however.

suid/sgid program bogus stdin/stdout/stderr)?  Also, is a similar patch
in the works for Linux?  (I ask, because I'm a Linux user myself.)


Someone was working on one yes

And, is there any overwhelming reason why you wouldn't make the same
guarantee that fd's 0..2 are open for all processes, rather than just
suid/sgid processes?


Actually for the general case you shouldnt do it. Passing a closed fd
is valid Unix behaviour, so you cease to really be "unix" by doing it.

Obviously there are sometimes advantages to not following unix tradition
totally

Current thread:

Re: Fwd: Any user can panic OpenBSD machine, (continued)
- - - Re: Fwd: Any user can panic OpenBSD machine J.R. Valverde (Jul 28)
    - Re: Fwd: Any user can panic OpenBSD machine Felix Schroeter (Jul 28)
    - netscape mail overflow(another one) Paul Boehm (Jul 28)
    - Re: netscape mail overflow(another one) Brett Glass (Jul 28)
    - Re: netscape mail overflow(another one) pedward () WEBCOM COM (Jul 29)
    - HP-UX Predictive & Netscape SSL Vulnerabilities Aleph One (Jul 29)
    - Long attachment filename exploits: a procmail filter John D. Hardin (Jul 29)
    - Crash a redhat 5.1 linux box Zachary Amsden (Jul 29)
    - FD's 0..2 and suid/sgid procs (Was: Crash a redhat 5.1 linux box) Joe Zbiciak (Jul 29)
    - Re: FD's 0..2 and suid/sgid procs (Was: Crash a redhat 5.1 linux Roger Espel Llima (Jul 30)
    - Re: FD's 0..2 and suid/sgid procs (Was: Crash a redhat 5.1 linux Alan Cox (Jul 30)
    - Re: FD's 0..2 and suid/sgid procs (Was: Crash a redhat 5.1 linux Pavel Kankovsky (Jul 30)
    - Re: netscape mail overflow(another one) Paul Boehm (Jul 29)
    - who Paul Boehm (Jul 28)
    - Re: Fwd: Any user can panic OpenBSD machine Chris Wedgwood (Jul 28)
- Re: Fwd: Any user can panic OpenBSD machine Dag-Erling Coidan Smørgrav (Jul 27)
  - Re: Fwd: Any user can panic OpenBSD machine Todd C. Miller (Jul 27)
- Re: Fwd: Any user can panic OpenBSD machine Peter Jeremy (Jul 27)
- Re: Fwd: Any user can panic OpenBSD machine Chris Wedgwood (Jul 27)
- Re: Fwd: Any user can panic OpenBSD machine Joshua Cope (Jul 28)
- Re: Fwd: Any user can panic OpenBSD machine Jason Thorpe (Jul 28)

(Thread continues...)