You know what’s dumb about Unix?

If you don’t inherit a standard error stream, the first file you open becomes standard error.

@alexbuzzbee yeah, and this is nicely abusable with setuid programs

$ some-setuid-program --foo=invalid-but-contolled-value 2>&-

@bugaevc Is there standard practice for preventing this kind of attack?

Follow

@alexbuzzbee I haven't heard of a standard practice, but it should be simple enough, e.g.

int fd;
do {
fd = open("/dev/null", O_RDWR);
} while (fd <= 2);
close(fd);

Sign in to participate in the conversation
Mastodon for Tech Folks

The social network of the future: No ads, no corporate surveillance, ethical design, and decentralization! Own your data with Mastodon!