Message-ID: <mvmmsr4ole0.fsf@suse.de>
Date: Mon, 11 Mar 2024 16:09:43 +0100
From: Andreas Schwab <schwab@...e.de>
To: "Skyler Ferrante (RIT Student)" <sjf5462@....edu>
Cc: Alejandro Colomar <alx@...nel.org>, Thorsten Glaser <tg@...bsd.de>, Rich Felker <dalias@...c.org>, musl@...ts.openwall.com, NRK <nrk@...root.org>, Guillem Jover <guillem@...rons.org>, libc-alpha@...rceware.org, libbsd@...ts.freedesktop.org, "Serge E. Hallyn" <serge@...lyn.com>, Iker Pedrosa <ipedrosa@...hat.com>, Christian Brauner <christian@...uner.io>
Subject: Re: Re: Tweaking the program name for <err.h> functions

On Mär 11 2024, Skyler Ferrante (RIT Student) wrote:

> It seems like this is the main thing shadow-utils (and other projects)
> should be concerned about. Every setuid/setgid program should check
> for fd 0,1,2 being open at the start of execution, and either abort or
> open new fds to /dev/null to prevent file descriptor omission attacks.

That's what glibc already does.

-- 
Andreas Schwab, SUSE Labs, schwab@...e.de
GPG Key fingerprint = 0196 BAD8 1CE9 1970 F4BE 1748 E4D4 88E3 0EEA B9D7
"And now for something completely different."
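The start-up check described in the quoted paragraph, written out as an added example; it is not part of the original message and is not glibc's or shadow-utils' code. The helper name `ensure_std_fds` is hypothetical, and the choice of `O_RDWR` on `/dev/null` is an assumption of this sketch.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdlib.h>
#include <unistd.h>

/*
 * Hypothetical helper: guarantee that descriptors 0, 1 and 2 are open
 * before the program opens anything else. A descriptor that was left
 * closed by the caller is bound to /dev/null, so a later open() of a
 * sensitive file cannot land on fd 0-2 and receive stray diagnostics.
 *
 * Returns the number of descriptors that had to be repaired,
 * or -1 if the state could not be made safe.
 */
int ensure_std_fds(void)
{
    int repaired = 0;

    for (int fd = 0; fd <= 2; fd++) {
        if (fcntl(fd, F_GETFD) != -1)
            continue;                 /* descriptor is open, nothing to do */
        if (errno != EBADF)
            return -1;                /* unexpected failure: treat as unsafe */

        /* open() returns the lowest free descriptor. All lower numbers
         * were verified or repaired already, so the result must be fd. */
        int nfd = open("/dev/null", O_RDWR);
        if (nfd == -1)
            return -1;
        if (nfd != fd) {
            close(nfd);
            return -1;
        }
        repaired++;
    }
    return repaired;
}

int main(void)
{
    /* Run first, before any other open(). On failure do not print:
     * fd 2 may be the very descriptor that is missing. */
    if (ensure_std_fds() < 0)
        _exit(127);

    /* ... privileged program logic would start here ... */
    return 0;
}
```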