You know what’s dumb about Unix?

If you don’t inherit a standard error stream, the first file you open becomes standard error.

@alexbuzzbee yeah, and this is nicely abusable with setuid programs

$ some-setuid-program --foo=invalid-but-contolled-value 2>&-

@bugaevc Is there standard practice for preventing this kind of attack?

@alexbuzzbee I haven't heard of a standard practice, but it should be simple enough, e.g.

int fd;
do {
fd = open("/dev/null", O_RDWR);
} while (fd <= 2);

Sign in to participate in the conversation

Fosstodon is an English speaking Mastodon instance that is open to anyone who is interested in technology; particularly free & open source software.