At 2005-01-12T10:09:47+1300, Carl Cerecke wrote:
> Do you mean the programs in question had no error handling for
> descriptors 0,1,2 because they expected them to be open and set up
> correctly?

An explanation by example:

1.  Process closes stderr.
2.  Process exec()s program with previously mentioned bug (i.e. most
    programs).  Program inherits existing file descriptor table.
3.  Program open()s critical data file.  open() returns first free file
    descriptor, i.e. 3.
4.  (Later) Program writes to stderr (e.g. perror(0)), which results in
    a write() to the standard fd for stderr, fd 3.
5.  Boom.

Cheers,
-mjg
-- 
Matthew Gregan                     |/
                                  /|                [EMAIL PROTECTED]
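
The numbered sequence above, as an added C example that is not part of the original message. It uses the POSIX descriptor numbers, where stderr is `STDERR_FILENO` (2), so that is the number `open()` hands back once it has been closed. `run_case`, `sanitize_std_fds`, the scratch file and the sample strings are constructed for illustration, and the `/dev/null` mitigation is a common hardening step assumed here, not something the message describes.

```c
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>

/* Mitigation: occupy fds 0-2 with /dev/null before anything else is opened. */
static int sanitize_std_fds(void) {
    int fd;
    do { fd = open("/dev/null", O_RDWR); } while (fd >= 0 && fd <= STDERR_FILENO);
    if (fd < 0) return -1;
    close(fd);                       /* first descriptor above 2, not needed */
    return 0;
}

/* Runs steps 1-4 in a child process. Returns the fd the data file received
 * in the child and copies the resulting file contents into out. */
int run_case(int harden, char *out, size_t outlen) {
    char path[] = "/tmp/fd_reuse_XXXXXX";          /* constructed scratch file */
    int status, tmp = mkstemp(path);
    if (tmp < 0) return -1;
    close(tmp);
    pid_t pid = fork();
    if (pid < 0) { unlink(path); return -1; }
    if (pid == 0) {
        if (sanitize_std_fds() != 0) _exit(255);   /* baseline: 0-2 all open */
        close(STDERR_FILENO);                      /* step 1: stderr closed */
        if (harden && sanitize_std_fds() != 0) _exit(255);
        int fd = open(path, O_WRONLY | O_TRUNC);   /* step 3: lowest free fd */
        if (fd < 0 || write(fd, "DATA\n", 5) != 5) _exit(254);
        if (write(STDERR_FILENO, "error: oops\n", 12) < 0) _exit(253); /* step 4 */
        _exit(fd);
    }
    int ok = waitpid(pid, &status, 0) == pid && WIFEXITED(status);
    int fd = open(path, O_RDONLY);
    ssize_t n = fd < 0 ? -1 : read(fd, out, outlen - 1);
    if (fd >= 0) close(fd);
    unlink(path);
    out[n < 0 ? 0 : n] = '\0';
    return (ok && n >= 0) ? WEXITSTATUS(status) : -1;
}

int main(void) {
    char buf[64] = "";
    for (int h = 0; h <= 1; h++) {
        int fd = run_case(h, buf, sizeof buf);
        printf("harden=%d data_fd=%d contents=%s", h, fd, buf);
    }
    return 0;
}
```

Without the mitigation the diagnostic lands in the data file; with it, the diagnostic goes to `/dev/null` and the file holds only its own data.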