From: Theo de Raadt (deraadt cvs.openbsd.org)
Date: Mon Apr 22 2002 - 14:23:51 CDT
> Topic: insecure handling of stdio file descriptors
They didn't say so, but this work was obviously based on:
RCS file: /cvs/src/sys/kern/kern_exec.c,v
...
revision 1.20
date: 1998/07/02 08:53:04; author: deraadt; state: Exp; lines: +38 -1
for sugid procs ensure that fd 0-2 are allocated slots (by pointing at
/dev/null -- future patch will use a dead vnode of some sort) to prevent
reuse (ie. new allocations) of these fd which libc makes many assumptions
about; problem noted by James Youngman
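
The commit log above describes a kernel-side fix. As an added example (not part of the original message and not OpenBSD's kern_exec.c), this is the userland analogue a privileged program can run before opening anything else: it checks descriptors 0-2 and points any unallocated one at /dev/null so that later allocations cannot reuse it. The function name `ensure_stdio_fds` is hypothetical.

```c
/* Added example: userland analogue of the fix, not the kernel code. */
#include <errno.h>
#include <fcntl.h>
#include <unistd.h>

/*
 * Ensure descriptors 0, 1 and 2 are allocated. Any that are closed are
 * pointed at /dev/null so a later open() cannot land on them and be
 * mistaken by libc for stdin, stdout or stderr.
 * Returns the number of descriptors repaired, or -1 on failure.
 */
int ensure_stdio_fds(void)
{
    int repaired = 0;

    for (int fd = 0; fd <= 2; fd++) {
        /* F_GETFD fails with EBADF only when the slot is unallocated. */
        if (fcntl(fd, F_GETFD) != -1)
            continue;
        if (errno != EBADF)
            return -1;

        /* open() returns the lowest free descriptor. Everything below
         * fd is already open at this point, so the result must be fd. */
        int nfd = open("/dev/null", O_RDWR);
        if (nfd == -1)
            return -1;
        if (nfd != fd) {        /* another thread raced us: fail closed */
            close(nfd);
            return -1;
        }
        repaired++;
    }
    return repaired;
}

int main(void)
{
    /* Call before any other open(), socket() or pipe(). */
    if (ensure_stdio_fds() == -1)
        _exit(1);
    return 0;
}
```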