Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Path: utzoo!linus!philabs!nyit!rick
From: rick@nyit.UUCP (Rick Ace)
Newsgroups: net.unix-wizards
Subject: Re: Conventional daemons
Message-ID: <235@nyit.UUCP>
Date: Tue, 6-May-86 10:14:32 EDT
Article-I.D.: nyit.235
Posted: Tue May 6 10:14:32 1986
Date-Received: Thu, 8-May-86 07:36:27 EDT
References: <2177@brl-smoke.ARPA> <6636@utzoo.UUCP>
Organization: NYIT Computer Graphics Lab., Old Westbury, N.Y.
Lines: 38

> > [Why do daemons open / as stdin/stdout/stderr?]
> > The real question was, why open anything? Surely there's
> > nothing functionally useful about opening stdin/stdout on
> > "/" and it could be a potential hazard if ported...
>
> You have to open *something*, because innocently writing an error message
> to stderr could be a disaster if the program got 2 as the descriptor for
> an explicit open of some important file. This is one way of subverting
> setuid programs, in fact.
>
> Our daemons open /dev/null for stdin and stdout and a log file for stderr.
> --
> Support the International
> League For The Derision		Henry Spencer @ U of Toronto Zoology
> Of User-Friendliness!		{allegra,ihnp4,decvax,pyramid}!utzoo!henry

Yes, the arguments about having to open *something* are indeed true.
But, conceivably (not likely, I'll admit), someone might have removed
/dev/null. If your daemons don't check for an error when they open
it, you'll wind up with file descriptors 0 and 1 unopened, and the
same setuid security bugs you're trying to avoid.

It's a solid bet, though, that if your daemon is executing with uid 0,
you'll be able to open "/" for reading. Given that you want to open
something, "/" is at least as likely to exist as any other object
in the filesystem, so it's a good choice in that regard.

If the daemon were accidentally to read from file descriptor 0 ("/")
and make some decisions based upon what it got, it could keep the
system programmer occupied for a while :-).

-----
Rick Ace
Computer Graphics Laboratory
New York Institute of Technology
Old Westbury, NY 11568
(516) 686-7644

{decvax,seismo}!philabs!nyit!rick
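
The check discussed in this thread, as an added example that is not part of the original post or anyone's daemon source: fill any closed descriptor among 0, 1 and 2 before opening other files, test the result of opening /dev/null, and fall back to "/" read-only. The names fill_std_fds, open_onto and the null_path parameter are assumptions of this example.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <unistd.h>

/* Open path and make sure the result sits on descriptor `want`. */
static int open_onto(const char *path, int flags, int want)
{
    int fd = open(path, flags);
    if (fd < 0)
        return -1;
    if (fd == want)          /* open() returns the lowest free descriptor */
        return 0;
    int r = dup2(fd, want);  /* landed elsewhere: move it into place */
    close(fd);
    return r < 0 ? -1 : 0;
}

/* Fill every closed descriptor among 0, 1, 2.
 * null_path is normally "/dev/null"; it is a parameter (an assumption of
 * this example) so the missing-device case can be exercised.
 * Returns the number of descriptors filled, or -1 if one could not be. */
int fill_std_fds(const char *null_path)
{
    int filled = 0;
    for (int fd = 0; fd <= 2; fd++) {
        if (fcntl(fd, F_GETFD) != -1)
            continue;                      /* already open, leave it alone */
        if (errno != EBADF)
            return -1;
        int flags = (fd == 0) ? O_RDONLY : O_WRONLY;
        /* Check the open; if the device is gone, fall back to "/" read-only.
         * A write to that descriptor then fails with EBADF instead of
         * landing in whatever file would otherwise have received 1 or 2. */
        if (open_onto(null_path, flags, fd) != 0 &&
            open_onto("/", O_RDONLY, fd) != 0)
            return -1;
        filled++;
    }
    return filled;
}

int main(void)
{
    int n = fill_std_fds("/dev/null");
    if (n < 0)
        _exit(1);            /* refuse to run with a hole in 0..2 */
    fprintf(stderr, "filled %d standard descriptor(s)\n", n);
    return 0;
}
```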