by redmail.netbsd.org with SMTP; 12 Sep 1999 00:53:38 -0000
	by rfhs8012.fh-regensburg.de (8.9.3/8.9.3) with ESMTP id CAA16887
	for <tech-security@netbsd.org>; Sun, 12 Sep 1999 02:53:32 +0200 (MET DST)
	by rfhs8036.fh-regensburg.de (8.9.3/8.9.3) with ESMTP id CAA21021
	for <tech-security@netbsd.org>; Sun, 12 Sep 1999 02:53:31 +0200 (MET DST)
Date: Sun, 12 Sep 1999 02:53:31 +0200 (MET DST)
From: Hubert Feyrer <feyrer@rfhs8012.fh-regensburg.de>
Reply-To: Hubert Feyrer <hubert.feyrer@rz.uni-regensburg.de>
To: tech-security@netbsd.org
Subject: Re: Patch: security (fwd)
Message-ID: <Pine.GSO.4.05.9909120252360.17122-100000@rfhs8036.fh-regensburg.de>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII


FYI.
I've OK'd the patch, but maybe this should be approached on a wider base
in NetBSD.


 - Hubert

-- 
NetBSD - Better for your uptime than Viagra

---------- Forwarded message ----------
Date: Sat, 11 Sep 1999 13:47:00 +0100 (BST)
From: Joseph S. Myers <jsm28@cam.ac.uk>
To: Hubert Feyrer <hubert.feyrer@rz.uni-regensburg.de>
Subject: Re: Patch: security

On Sat, 11 Sep 1999, Hubert Feyrer wrote:

> Question: 
> > Games with scorefiles should make sure they do not get a file
> > descriptor < 3.
> 
> What is this good for? 

If it gets fd 0, 1 or 2, the game may get confused and corrupt the
scorefile when trying to use stdin, stdout or stderr.  (I don't know
whether this is actually a problem on NetBSD - OpenBSD fixed this in the
kernel by ensuring that setuid and setgid programs have fds 0, 1, 2 open
to /dev/null if not open at program startup, and on Linux glibc 2.1.2 does
the same thing - but I think these checks are still desirable for portable
secure programs.)

OK to commit complete with the fd 0, 1, 2 checks?

-- 
Joseph S. Myers
jsm28@cam.ac.uk