[sudo-workers] Re: closing all the file descriptors

Todd C. Miller Todd.Miller at courtesan.com
Fri Dec 10 12:15:02 EST 2004

In message <20041210152106.GB14760 at cosy.cit.nih.gov>
	so spake Anthony Iano-Fletcher (Anthony.Iano-Fletcher):

> -O sounds good. Perhaps it should have an argument which is the upper
> limit of file descriptors to keep open (such as -O 4).  This would
> limit the side effects but allow for a variable number of extra
> side-bands.

Seems reasonable.

> What would be the security implications of allowing any user to do this?
> As I see it:
> 	. the targer user might be able to write some files previously
> 	opened by the source user, but the source user needs to beware.


> 	. the source user mmight know of a buffer overflow in some
> 	command when reading a high file descriptor. Administrator
> 	beware. Of course this is more likely for STDIN than anything
> 	else.

That's a good point.  This is especially relevant for programs using
select and non-dynamic fd_set buffers.

> Is a sudoers file flag required because of the latter issue?

Probably.  In an ideal world any extra  fds should be closed before
sudoers is parsed.  I suppose it is not too dangerous to defer this
until just before the program is executed, though.

 - todd

More information about the sudo-workers mailing list