Henrik Nordstrom wrote:

> > There is a similar problem for descriptors 1 and 2, particularly in
> > setuid programs.
>
> True. It isn't really a problem for daemons (daemons are usually not
> suid, and started in a controlled environment), but for suid programs
> yes.
>
> What about this code:

[snip]

> Keep stdout/stderr if open, else use /dev/null.

There was some discussion on bugtraq about how to prevent this
automatically. I believe that the consensus was that an attempt to
exec() a setuid/setgid program should fail with EPERM if either stdout
or stderr were closed. I believe that there are plans to implement
this feature.

-- 
Glynn Clements <[EMAIL PROTECTED]>
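An added example, not the snipped code from the thread and not any project's own: one way to do "keep stdout/stderr if open, else use /dev/null" at the very start of a setuid program's main(), extended here to cover descriptor 0 as well. The function name `sanitize_std_fds` is hypothetical, and the code assumes it runs before any other file is opened and before any thread is started.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <unistd.h>

/*
 * Make sure descriptors 0, 1 and 2 are open. A descriptor that is already
 * open is left untouched; a closed one is pointed at /dev/null, so that a
 * later open() of a sensitive file can never be handed fd 0, 1 or 2 and
 * then be written to by code that believes it is printing a message.
 * Returns 0 on success, -1 on failure (the caller should exit at once).
 */
int sanitize_std_fds(void)
{
    int fd, nfd;

    for (fd = 0; fd <= 2; fd++) {
        if (fcntl(fd, F_GETFD) != -1)
            continue;                 /* open: keep what the caller gave us */
        if (errno != EBADF)
            return -1;                /* unexpected failure: do not guess */

        /* fd is closed and every lower descriptor is open, so open()
         * returns exactly fd (lowest free descriptor). */
        nfd = open("/dev/null", O_RDWR);
        if (nfd == -1)
            return -1;
        if (nfd != fd) {              /* only possible if something raced us */
            close(nfd);
            return -1;
        }
    }
    return 0;
}

int main(void)
{
    /* Must be the first thing the program does. Report nothing on failure:
     * stderr may be one of the descriptors that could not be set up. */
    if (sanitize_std_fds() != 0)
        _exit(1);

    fprintf(stderr, "standard descriptors are safe to use\n");
    return 0;
}
```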
