[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: how does O_NOCTTY help? [Re: bug in chdir-safer
|
From: |
Jim Meyering |
|
Subject: |
Re: how does O_NOCTTY help? [Re: bug in chdir-safer |
|
Date: |
Fri, 10 Feb 2006 09:31:09 +0100 |
Paul Eggert <address@hidden> wrote:
> Jim Meyering <address@hidden> writes:
>
>> how can setting the controlling terminal cause trouble if we're
>> guaranteed never to read from or write to the corresponding file
>> descriptor.
>
> Once the terminal controls you, someone typing Control-C on that
> terminal can send you a signal, even if you're not reading or writing
> to the corresponding file descriptor. On hosts where O_NOCTTY is
> significant, and which do not support O_DIRECTORY (Solaris, for
> example), this can cause an attacker to kill a seemingly-unrelated
> directory-traversal process.
Ahh.. Thanks for explaining.
So O_NOCTTY is definitely worthwhile, if only to avoid
exposure for the time between an open and close of /dev/tty,
assuming the process in question already had no controlling terminal.
Right?
- how does O_NOCTTY help? [Re: bug in chdir-safer, Jim Meyering, 2006/02/09
- Re: how does O_NOCTTY help? [Re: bug in chdir-safer, Jim Meyering, 2006/02/09
- Re: how does O_NOCTTY help? [Re: bug in chdir-safer, Jim Meyering, 2006/02/09
- Re: how does O_NOCTTY help? [Re: bug in chdir-safer, Paul Eggert, 2006/02/10
- Re: how does O_NOCTTY help? [Re: bug in chdir-safer,
Jim Meyering <=
- Re: how does O_NOCTTY help? [Re: bug in chdir-safer, Paul Eggert, 2006/02/10
- Re: how does O_NOCTTY help? [Re: bug in chdir-safer, Jim Meyering, 2006/02/12
- Re: how does O_NOCTTY help? [Re: bug in chdir-safer, Paul Eggert, 2006/02/12
- Re: how does O_NOCTTY help? [Re: bug in chdir-safer, Jim Meyering, 2006/02/14
- Re: how does O_NOCTTY help? [Re: bug in chdir-safer, Paul Eggert, 2006/02/14