Bugtraq mailing list archives
Re: FreeBSD Security Advisory FreeBSD-SA-02:23.stdio
From: Theo de Raadt <deraadt () cvs openbsd org>
Date: Mon, 22 Apr 2002 13:23:51 -0600
Topic: insecure handling of stdio file descriptors
They didn't say so, but this work was obviously based on:

RCS file: /cvs/src/sys/kern/kern_exec.c,v
...
revision 1.20
date: 1998/07/02 08:53:04; author: deraadt; state: Exp; lines: +38 -1
for sugid procs ensure that fd 0-2 are allocated slots (by pointing at
/dev/null -- future patch will use a dead vnode of some sort) to prevent
reuse (ie. new allocations) of these fd which libc makes many assumptions
about; problem noted by James Youngman
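Added example, not part of the original post and not the kern_exec.c change it quotes: a userland C version of the same idea, for a privileged program that cannot rely on the kernel having filled descriptors 0-2. The function name `sanitise_stdfd` and the use of `fcntl(F_GETFD)` to probe each slot are choices made for this example.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <unistd.h>

/*
 * Make sure descriptors 0, 1 and 2 all refer to something before the
 * program opens any file of its own, so a later open() cannot be handed
 * a slot that libc treats as stdin/stdout/stderr.
 * Returns how many slots had to be pointed at /dev/null, or -1 on error.
 * (Hypothetical helper for this example.)
 */
int sanitise_stdfd(void)
{
    int filled = 0;

    for (int fd = 0; fd <= 2; fd++) {
        /* F_GETFD fails with EBADF only when the slot is unallocated. */
        if (fcntl(fd, F_GETFD) != -1 || errno != EBADF)
            continue;

        /* open() returns the lowest free slot; 0..fd-1 are known to be
         * open at this point, so this normally lands exactly on fd. */
        int nullfd = open("/dev/null", O_RDWR);
        if (nullfd == -1)
            return -1;
        if (nullfd != fd) {
            int rc = dup2(nullfd, fd);
            close(nullfd);
            if (rc == -1)
                return -1;
        }
        filled++;
    }
    return filled;
}

int main(void)
{
    close(2);                         /* simulate a caller that closed stderr before exec */
    if (sanitise_stdfd() == -1)
        return 1;
    int fd = open("/dev/null", O_WRONLY);  /* stands in for the program's own data file */
    printf("first file opened by the program got fd %d\n", fd);
    return fd > 2 ? 0 : 1;            /* without the call above, fd would be 2 */
}
```
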
