Subject: Ensuring set{g,u}id processes have fd 0, 1, & 2 allocated.
To: None <tech-security@netbsd.org>
From: David Brownlee <abs@anim.dreamworks.com>
List: tech-security
Date: 01/10/1999 11:56:25
OpenBSD does this in kern_exec.c:

http://www.openbsd.org/cgi-bin/cvsweb/src/sys/kern/kern_exec.c?r1=1.19&r2=1.20

This avoids attacks that involve closing one or more of fd{0,1,2}
and running a setuid program that opens a file descriptor for
any reason then tries to use one of the standard descriptors.

The other approach would be to modify every set{g,u}id program
to exit if any of the three descriptors are closed.

Would anyone object if the above patch was added to NetBSD?

David/absolute
.---- I've been too drunk to love ----.-- I've been too drunk to remember -.
| too drunk to care | the hell of the night before |
| looked like death, felt like hell | I've been drinking myself blind |
`------ been the worse for wear ------'-- and still I'll drink some more --'
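
A userland form of the per-program check mentioned in the message, added here as an example; it is not code from the original post or from the OpenBSD patch. The helper name `ensure_std_fds` is hypothetical, and pointing closed slots at /dev/null (exiting only if that fails) is an assumption of this sketch.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <unistd.h>

/* Returns 1 if fd is not an open descriptor, 0 if it is open. */
static int fd_is_closed(int fd)
{
    return fcntl(fd, F_GETFD) == -1 && errno == EBADF;
}

/*
 * Hypothetical helper: make sure fds 0, 1 and 2 are all allocated before
 * the program opens anything else. Closed slots are pointed at /dev/null.
 * Returns the number of descriptors repaired, or -1 on failure (the
 * caller should then exit without opening or writing any file).
 */
int ensure_std_fds(void)
{
    int repaired = 0;

    for (int fd = 0; fd <= 2; fd++) {
        if (!fd_is_closed(fd))
            continue;
        /* open() returns the lowest free descriptor; with 0..fd-1
         * already open, the new descriptor must land on fd itself. */
        int nfd = open("/dev/null", O_RDWR);
        if (nfd != fd) {
            if (nfd >= 0)
                close(nfd);
            return -1;
        }
        repaired++;
    }
    return repaired;
}

int main(void)
{
    /* Must run first, before any other open(), socket() or fopen(). */
    if (ensure_std_fds() < 0)
        _exit(1);   /* fail closed: write to no descriptor at all */
    /* From here on, a later open() can never return 0, 1 or 2. */
    printf("standard descriptors are allocated\n");
    return 0;
}
```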