> Richard Guenther wrote:
> > Replacing stdin deals with the race conditions that prevent
> > scripts from being suid in the first place. Of course it
> > prevents the script from reading stdin, too.
>
> Preventing the script from reading stdin is pretty severe don't you
> think? Alternatives:
>
> - Open fd 3, pass /proc/self/fd/3 as the script name.
And rewrite each program to _not_ open("/proc/self/fd/3") as
this is just a symlink to the real file, i.e. I could have passed
the filename right away.
stdin replacement seems the only way to deal with this _without_
rewriting the interpreters to know about /proc/self/script.
[I could just add an option to interpreter to take a fd as argument
anyway]
> - Pass /proc/self/script as the script name and add code to proc
> to support this -- this provides the interpreter with fds 0,1 & 2
> as the only open ones which it may be expecting.
see above. of course, with appropriate /proc/self/script that handles
open() just fine (in fact ignores the open and just returns the fd)
this would be fine. Implementation would be ugly though. How (where)
do you pass the information to /proc? (that 3 is the script fd)
Probably you have to add this to struct task? or just reserve fd number
3 for this and nothing else (would this break any userspace semantics?
i.e. open() never returns fd 3, fd 3 is reserved for script passing
only).
Richard.
-- Richard Guenther <richard.guenther@student.uni-tuebingen.de> PGP: 2E829319 - 2F 83 FC 93 E9 E4 19 E2 93 7A 32 42 45 37 23 57 WWW: http://www.anatom.uni-tuebingen.de/~richi/
- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.rutgers.edu Please read the FAQ at http://www.tux.org/lkml/