Matthew Gregan wrote:
> At 2005-01-12T10:09:47+1300, Carl Cerecke wrote:
>
> > Do you mean the programs in question had no error handling for
> > descriptors 0,1,2 because they expected them to be open and set up
> > correctly?
>
> An explanation by example:
>
> 1.  Process closes stderr.
> 2.  Process exec()s program with previously mentioned bug (i.e. most
>     programs).  Program inherits existing file descriptor table.
> 3.  Program open()s critical data file.  open() returns first free file
>     descriptor, i.e. 3.
> 4.  (Later) Program writes to stderr (e.g. perror(0)), which results in
>     a write() to the standard fd for stderr, fd 3.
> 5.  Boom.

Thanks. Presumably you're actually talking about fd 2 in steps 3 & 4. This could be partly solved by the OS by never reusing file descriptors lower than 3. perror would then probably fail silently, but fprintf(2,xxx) (which I'm guessing perror uses) would correctly return -1.


Cheers,
Carl.
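
The sequence from the quoted explanation, together with a startup check that prevents it, as an added example that is not part of the original thread. The names `sanitize_std_fds` and `data_fd_with_stderr_closed` are hypothetical, and /dev/null stands in for the critical data file.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <unistd.h>

/* Hypothetical helper: run first thing in main(). Any of fds 0-2 that was
 * inherited closed is pointed at /dev/null so later open() calls get >= 3. */
int sanitize_std_fds(void)
{
    for (int fd = 0; fd <= 2; fd++) {
        if (fcntl(fd, F_GETFD) != -1 || errno != EBADF)
            continue;                       /* descriptor is open */
        int nfd = open("/dev/null", O_RDWR);
        if (nfd == -1)
            return -1;
        if (nfd != fd) {                    /* not expected: open() returns lowest free fd */
            if (dup2(nfd, fd) == -1)
                return -1;
            close(nfd);
        }
    }
    return 0;
}

/* Replays the steps with stderr closed and returns the descriptor number the
 * "critical data file" receives. /dev/null is a constructed stand-in for it. */
int data_fd_with_stderr_closed(int sanitize)
{
    if (sanitize_std_fds() == -1)           /* baseline: 0, 1, 2 all open */
        return -1;
    int saved = dup(STDERR_FILENO);         /* keep the real stderr to restore */
    if (saved == -1)
        return -1;
    close(STDERR_FILENO);                   /* step 1: stderr is closed */
    int ok = !sanitize || sanitize_std_fds() == 0;
    int data = ok ? open("/dev/null", O_WRONLY) : -1;  /* step 3 */
    if (data != -1)
        close(data);
    dup2(saved, STDERR_FILENO);             /* put the real stderr back */
    close(saved);
    return data;
}

int main(void)
{
    printf("unsanitized: data file on fd %d\n", data_fd_with_stderr_closed(0));
    printf("sanitized:   data file on fd %d\n", data_fd_with_stderr_closed(1));
    return 0;
}
```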


