A possible security bug fix

Jim Davis davis at hplabs.UUCP
Sat Jul 30 09:31:20 AEST 1983


		With reference to Bob English's comment:

		"I don't think the '$ foo 2>&-' complaint is a 
		valid one.  It could be easily addressed either
		by '$ foo 2>& /dev/null' or by having the
		shell itself do the /dev/null connection when
		the user attempts to disconnect one of the
		standard outputs."

	First, the '$ foo 2>& /dev/null' solution has nothing to
do with the security aspects.  Simply because the user has the option
not to attempt to break security does not cause a system to BE secure.
Second, the solution of having the shell disallow leaving a standard
stream unconnected does solve a small part of the problem.  However,
it has two disadvantages.  One may actually wish to have a standard
stream disconnected.  (I don't know why, but let's think before we
restrict functionality.)  A much stronger flaw is that the shell does
not spawn all programs.  A user wishing to break security will spawn
programs by herself.

	Either programs should be prepared to handle standard
streams being unconnected (the point of the original submission),
or the operating system must force all programs to have valid
standard streams.  I prefer the first approach; others may
prefer otherwise.  Comments anyone?

					Jim Davis (James W Davis)
					...!ucbvax!hplabs!davis
					davis.HP-Labs at UDel-Relay
----------------------------------------------------------------
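
A sketch of the first approach named in the message above, a program that is prepared for its standard streams being unconnected. This is an added example, not part of the original post; the function name `sanitize_std_fds` is hypothetical, and it assumes a POSIX system with `/dev/null`.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <unistd.h>

/*
 * Call first thing in main(). For each of fds 0, 1 and 2 that the parent
 * left closed (as with '$ foo 2>&-'), attach /dev/null to it.
 * Returns how many descriptors had to be repaired, or -1 on failure.
 */
int sanitize_std_fds(void)
{
    int repaired = 0;

    for (int fd = 0; fd <= 2; fd++) {
        /* fcntl(F_GETFD) fails with EBADF only when fd is not open. */
        if (fcntl(fd, F_GETFD) != -1 || errno != EBADF)
            continue;

        /* open() hands back the lowest free descriptor. Every slot
         * below fd is open by now, so this is normally fd itself. */
        int nfd = open("/dev/null", O_RDWR);
        if (nfd == -1)
            return -1;
        if (nfd != fd) {
            if (dup2(nfd, fd) == -1) {
                close(nfd);
                return -1;
            }
            close(nfd);
        }
        repaired++;
    }
    return repaired;
}

int main(void)
{
    int n = sanitize_std_fds();
    if (n == -1)
        _exit(127);  /* no safe place to report: stderr may be the closed one */
    if (n > 0)
        fprintf(stderr, "note: %d standard stream(s) were closed at startup\n", n);
    /* Files opened from here on can no longer land on fd 0, 1 or 2, so a
     * later write to stdout or stderr cannot end up inside one of them. */
    return 0;
}
```

Because the check runs inside the program, it also covers the case raised in the message where the program is not spawned by the shell.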


