[sudo-workers] Re: closing all the file descriptors
Todd C. Miller
Todd.Miller at courtesan.com
Fri Dec 10 12:15:02 EST 2004
In message <20041210152106.GB14760 at cosy.cit.nih.gov>
so spake Anthony Iano-Fletcher (Anthony.Iano-Fletcher):
> -O sounds good. Perhaps it should have an argument which is the upper
> limit of file descriptors to keep open (such as -O 4). This would
> limit the side effects but allow for a variable number of extra
> side-bands.
Seems reasonable.
> What would be the security implications of allowing any user to do this?
> As I see it:
> . the target user might be able to write some files previously
> opened by the source user, but the source user needs to beware.
Right.
> . the source user might know of a buffer overflow in some
> command when reading a high file descriptor. Administrator
> beware. Of course this is more likely for STDIN than anything
> else.
That's a good point. This is especially relevant for programs using
select and non-dynamic fd_set buffers.
> Is a sudoers file flag required because of the latter issue?
Probably. In an ideal world any extra fds should be closed before
sudoers is parsed. I suppose it is not too dangerous to defer this
until just before the program is executed, though.
- todd
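
Added example, not part of the original message and not sudo's code: closing inherited descriptors at or above a bound before the command is run, plus a bounds check before FD_SET for the fixed-size fd_set case raised above. The names close_from, fd_is_open, fd_set_checked and SCAN_CAP are hypothetical, and reading "-O 4" as "keep descriptors 0 to 3" is an assumption.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <sys/resource.h>
#include <sys/select.h>
#include <unistd.h>

#define SCAN_CAP 65536L /* assumption: bound the scan when the limit is huge */

/* Returns 1 if fd refers to an open descriptor, 0 otherwise. */
int fd_is_open(int fd)
{
    return fcntl(fd, F_GETFD) != -1 || errno != EBADF;
}

/* Close every descriptor >= lowfd and return how many were open.
 * Scans up to the soft RLIMIT_NOFILE, so descriptors above a limit that
 * was lowered after they were opened are missed; walking /proc/self/fd
 * avoids that on systems that have it. */
int close_from(int lowfd)
{
    struct rlimit rl;
    long maxfd = SCAN_CAP;
    int fd, closed = 0;

    if (getrlimit(RLIMIT_NOFILE, &rl) == 0 && rl.rlim_cur < (rlim_t)SCAN_CAP)
        maxfd = (long)rl.rlim_cur;
    for (fd = lowfd < 0 ? 0 : lowfd; fd < maxfd; fd++)
        if (close(fd) == 0)
            closed++;
    return closed;
}

/* Guarded FD_SET: a fixed-size fd_set only has room for descriptors
 * 0..FD_SETSIZE-1, and FD_SET() on a larger value writes outside it. */
int fd_set_checked(int fd, fd_set *set)
{
    if (fd < 0 || fd >= FD_SETSIZE)
        return -1;
    FD_SET(fd, set);
    return 0;
}

int main(void)
{
    int keep = 4; /* constructed value, mirrors the "-O 4" suggestion */
    int n = close_from(keep);
    printf("closed %d inherited descriptors at or above %d\n", n, keep);
    return 0;
}
```

A program that receives descriptors it did not open can use the same fd_set_checked test to refuse any descriptor that does not fit its fd_set.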