* Jamie Lokier [2020-05-01 17:10:24 +0100]:
> Hi Matt,
>
> > Not really sure of a good workaround.
>
> You can fchmod() or fchown() the pipe descriptor, with fchown() being more
> secure.
>
> # echo hello | (ls -lL /proc/self/fd/0; sudo -u nobody cat /proc/self/fd/0)
> prw--- 1
Hi Matt,

Matt Johnston wrote:
> Not really sure of a good workaround.

You can fchmod() or fchown() the pipe descriptor, with fchown() being more
secure.

# echo hello | (ls -lL /proc/self/fd/0; sudo -u nobody cat /proc/self/fd/0)
prw--- 1 root root 0 May 1 17:06 /proc/self/fd/0
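
The fchown() workaround suggested above, as an added example that is not part of the original thread and is not Dropbear's code. The helper names pipe_give_to_user() and reopen_via_proc() are hypothetical; a root daemon would pass the session user's ids before dropping privileges, while the demo passes its own ids so it runs unprivileged on Linux.

```c
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Hand the pipe inode behind fd to uid/gid and verify the result.
 * The mode is left owner-only, which is why fchown() is the safer
 * choice than widening permissions with fchmod().
 * Returns 0 on success, -1 on failure. */
int pipe_give_to_user(int fd, uid_t uid, gid_t gid)
{
    struct stat st;

    if (fstat(fd, &st) != 0 || !S_ISFIFO(st.st_mode))
        return -1;                       /* only touch real pipes */
    if (fchown(fd, uid, gid) != 0)
        return -1;
    if (fstat(fd, &st) != 0)
        return -1;
    if (st.st_uid != uid || st.st_gid != gid)
        return -1;                       /* ownership did not change */
    if (st.st_mode & (S_IRWXG | S_IRWXO))
        return -1;                       /* must stay owner-only */
    return 0;
}

/* Re-open fd through procfs, as `cat /proc/self/fd/0` does.
 * Returns a new descriptor, or -1 if the open is refused. */
int reopen_via_proc(int fd)
{
    char path[64];
    snprintf(path, sizeof path, "/proc/self/fd/%d", fd);
    return open(path, O_RDONLY | O_NONBLOCK);
}

int main(void)
{
    int p[2];
    if (pipe(p) != 0) { perror("pipe"); return 1; }
    /* Assumption: demo uses our own ids; a daemon would use the user's. */
    if (pipe_give_to_user(p[0], geteuid(), getegid()) != 0) {
        perror("pipe_give_to_user");
        return 1;
    }
    int fd = reopen_via_proc(p[0]);
    printf("reopen via /proc: %s\n", fd >= 0 ? "ok" : "refused");
    return 0;
}
```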

Hi Szabolcs,

Ah, that's a bit nasty. I guess the difference is that OpenSSH runs the daemon
as the user, while Dropbear runs as root.

The procfs manpage mentions the problem.
http://man7.org/linux/man-pages/man5/proc.5.html

Note that for file descriptors referring to inodes (pipes