[Exim] Security problem - invoking setuid process with fd 0,…

Author: Rick Byers
Date:  
To: exim-users
Subject: [Exim] Security problem - invoking setuid process with fd 0,1,2 closed
Hi,
Invoking a setuid/setgid process with fd 0, 1 or 2 closed is apparently a
security risk (libc treats fds 0, 1, 2 specially and if the program
opens a new file it may get assigned any unused fd). I don't know the
full details of the problem, but several OSes (Net/Free/OpenBSD) now log a
warning if a setuid program is invoked with its fd 0, 1 or 2 closed.

After upgrading to NetBSD-1.6_BETA, my server constantly complains about
exim invoking setuid processes with fds 0, 1 and 2 closed. Has this been
addressed at all in exim (I couldn't find any reference to it on the
mailing list)? The workaround is to dup2 /dev/null on the fd you wish to
close.

I'm about to submit a patch to NetBSD pkgsrc (exim 3.34) to avoid the
problem there. This isn't already fixed in 3.35, is it (it wasn't
mentioned in the changelog)?

Thanks,
    Rick
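
The workaround named in the message (dup2 /dev/null onto a descriptor rather than closing it), as an added example that is not part of the original post and is not Exim or NetBSD code. The function names `null_std_fd` and `ensure_std_fds_open` are hypothetical; the closed stdin in `main` is a constructed scenario.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <unistd.h>

/* Point fd at /dev/null instead of closing it, so the slot stays occupied.
 * Returns 0 on success, -1 on error. */
int null_std_fd(int fd)
{
    int nfd = open("/dev/null", O_RDWR);
    if (nfd < 0)
        return -1;
    if (nfd == fd)              /* fd was closed; open() filled the slot */
        return 0;
    int rc = dup2(nfd, fd);     /* atomically replaces whatever fd held */
    close(nfd);
    return rc < 0 ? -1 : 0;
}

/* Run early in a privileged program, or in a parent just before exec:
 * any of fds 0, 1, 2 found closed is attached to /dev/null.
 * Returns the number of descriptors repaired, or -1 on error. */
int ensure_std_fds_open(void)
{
    int repaired = 0;
    for (int fd = 0; fd <= 2; fd++) {
        if (fcntl(fd, F_GETFD) == -1 && errno == EBADF) {
            if (null_std_fd(fd) < 0)
                return -1;
            repaired++;
        }
    }
    return repaired;
}

int main(void)
{
    close(0);   /* constructed scenario: stdin left closed by the caller */
    int n = ensure_std_fds_open();
    printf("repaired %d descriptor(s)\n", n);
    return n < 0;
}
```

With all three slots occupied, the next file the program opens gets a descriptor above 2, so output that libc sends to stdout or stderr cannot land in it.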