Date: Fri, 19 Apr 2002 13:44:25 +0100 From: Brian Somers <brian@freebsd-services.com> To: Poul-Henning Kamp <phk@critter.freebsd.dk> Cc: Brian Somers <brian@freebsd-services.com>, Garrett Wollman <wollman@lcs.mit.edu>, "J. Mallett" <jmallett@FreeBSD.org>, cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org Subject: Re: cvs commit: src/sys/kern kern_descrip.c kern_exec.c src/sys/sys filedesc.h Message-ID: <200204191244.g3JCiPSg073492@hak.lan.Awfulhak.org> In-Reply-To: Message from Poul-Henning Kamp <phk@critter.freebsd.dk> of "Fri, 19 Apr 2002 13:35:57 %2B0200." <11657.1019216157@critter.freebsd.dk>
next in thread | previous in thread | raw e-mail | index | archive | help
> In message <200204191125.g3JBPCSg072782@hak.lan.Awfulhak.org>, Brian Somers wri > tes: > > >I agree with Garrett. This change is *very* broken. > > > >[...] > > > >Agreed, a program that does this is broken, but I believe the program > >needs to be fixed, not the kernel. > > While I agree that this change is not quite orthodox, I don't think > we can educate the masses of lousy programmers out there to not > do stupid things any time soon. > > I can't think of any programs that will break as a result of this, > in particular I cannot think of any setuid programs which it will > break. > > OpenBSD has done this for a couple of years, and that hasn't rid us > of Theo so it obviously is not a total catastrophy. > > Finally, since this has not been discussed on any lists, I would > expect this to be in reponse to some tangible threat, (most likely > somewhere in ports ?) so we probably don't have much of a choice > anyway. > > So can we avoid giving our security-officer a hard time for doing > his job ? Please ? After looking into things further, it's Garrett's suggested alternative that I have a problem with. close(x) if (open(file, flags) != x) is done in many places (bin/sh and usr.sbin/ppp to name two). I can't think of anything ``usual'' that the committed change would break (except perhaps some standard). > Thankyou! > > -- > Poul-Henning Kamp | UNIX since Zilog Zeus 3.20 > phk@FreeBSD.ORG | TCP/IP since RFC 956 > FreeBSD committer | BSD since 4.3-tahoe > Never attribute to malice what can adequately be explained by incompetence. -- Brian <brian@freebsd-services.com> <brian@Awfulhak.org> http://www.freebsd-services.com/ <brian@[uk.]FreeBSD.org> Don't _EVER_ lose your sense of humour ! <brian@[uk.]OpenBSD.org> To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe cvs-all" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200204191244.g3JCiPSg073492>