Re: [Full-disclosure] Multiple OS kernel insecure handling of stdio file descriptor
- From: Troy Bollinger <troy@xxxxxxxxxxxxxx>
- Date: Sat, 20 Jan 2007 15:18:14 -0600
On Sat, Jan 20, 2007 at 08:43:33PM +0300, eugeny gladkih wrote:
well, but what is used for stdout if it's closed in the parent
process just before fork(2) call?!
If I recall correctly, setuid and setgid programs with closed stdin,
stdout or stderr will open /dev/null during exec.
This fix was added to AIX back in 1999 or so.
--
Troy Bollinger <troy@xxxxxxxxxxxxxx>
Network Security Analyst
PGP keyid: 1024/0xB7783129
Troy's opinions are not IBM policy
- References:
- Multiple OS kernel insecure handling of stdio file descriptor
- From: XFOCUS Security Team
- Re: Multiple OS kernel insecure handling of stdio file descriptor
- From: Shiva Persaud
- Re: Multiple OS kernel insecure handling of stdio file descriptor
- From: eugeny gladkih
- Multiple OS kernel insecure handling of stdio file descriptor
- Prev by Date: [SECURITY] [DSA 1251-1] New netrik packages fix arbitary shell command execution
- Next by Date: XMB "U2U Instant Messenger" Cross-Site Scripting
- Previous by thread: Re: Multiple OS kernel insecure handling of stdio file descriptor
- Next by thread: FW: [cacti-announce] Cacti 0.8.6j Released
- Index(es):
Relevant Pages
|
|
