From: Andreas Schwab
To: "Skyler Ferrante (RIT Student)"
Cc: Alejandro Colomar, Thorsten Glaser, Rich Felker, musl@lists.openwall.com, NRK, Guillem Jover, libc-alpha@sourceware.org, libbsd@lists.freedesktop.org, "Serge E. Hallyn", Iker Pedrosa, Christian Brauner
Date: Mon, 11 Mar 2024 16:09:43 +0100
Subject: Re: [musl] Re: Tweaking the program name for functions

On Mar 11 2024, Skyler Ferrante (RIT Student) wrote:

> It seems like this is the main thing shadow-utils (and other projects)
> should be concerned about. Every setuid/setgid program should check
> for fd 0,1,2 being open at the start of execution, and either abort or
> open new fds to /dev/null to prevent file descriptor omission attacks.

That's what glibc already does.

-- 
Andreas Schwab, SUSE Labs, schwab@suse.de
GPG Key fingerprint = 0196 BAD8 1CE9 1970 F4BE 1748 E4D4 88E3 0EEA B9D7
"And now for something completely different."
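An added illustration of the startup check described in the quoted paragraph; it is not code from this thread, from shadow-utils or from glibc. The function name `ensure_std_fds` and the exit status 127 are assumptions chosen for the example.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <unistd.h>

/*
 * Make sure descriptors 0, 1 and 2 are open before the program opens
 * anything else. If one is closed, the next open() in the program would
 * be handed that number, and later stdio output would land in that file.
 *
 * Returns the number of descriptors that had to be filled in (0..3),
 * or -1 if a slot could not be populated safely.
 * (Hypothetical helper name; call it first thing in main().)
 */
int ensure_std_fds(void)
{
    int repaired = 0;

    for (int fd = 0; fd <= 2; fd++) {
        if (fcntl(fd, F_GETFD) != -1)
            continue;                 /* slot is already open */
        if (errno != EBADF)
            return -1;                /* unexpected failure: give up */

        /* open() returns the lowest free descriptor. All lower slots
         * are known to be open here, so the result must equal fd. */
        int nfd = open("/dev/null", O_RDWR);
        if (nfd != fd) {
            if (nfd >= 0)
                close(nfd);
            return -1;
        }

        /* Confirm we really got a character device, not a regular file
         * that happens to sit at that path. */
        struct stat st;
        if (fstat(fd, &st) != 0 || !S_ISCHR(st.st_mode))
            return -1;
        repaired++;
    }
    return repaired;
}

int main(void)
{
    if (ensure_std_fds() < 0)
        _exit(127);   /* abort quietly: stderr itself cannot be trusted */
    puts("stdio descriptors verified");
    return 0;
}
```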