Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Posting-Version: version B 2.10 5/3/83; site utzoo.UUCP
Path: utzoo!henry
From: henry@utzoo.UUCP (Henry Spencer)
Newsgroups: net.unix-wizards
Subject: Re: Conventional daemons
Message-ID: <6668@utzoo.UUCP>
Date: Thu, 8-May-86 15:34:25 EDT
Article-I.D.: utzoo.6668
Posted: Thu May  8 15:34:25 1986
Date-Received: Thu, 8-May-86 15:34:25 EDT
References: <2177@brl-smoke.ARPA> <6636@utzoo.UUCP>, <235@nyit.UUCP>
Organization: U of Toronto Zoology
Lines: 15

> > Our daemons open /dev/null for stdin and stdout and a log file for stderr.
> 
> Yes, the arguments about having to open *something* are indeed true.
> But, conceivably (not likely, I'll admit), someone might have removed
> /dev/null.  If your daemons don't check for an error when they open it,
> you'll wind up with file descriptors 0 and 1 unopened, and the same
> setuid security bugs you're trying to avoid.

Our daemons most assuredly check to make sure, not only that the open
succeeded, but that it got the right descriptor.  No competent programmer
in his right mind does an open (or a malloc) without checking the result
for failure.
-- 
Join STRAW: the Society To	Henry Spencer @ U of Toronto Zoology
Revile Ada Wholeheartedly	{allegra,ihnp4,decvax,pyramid}!utzoo!henry