[musl] Re: Tweaking the program name for <err.h> functions
Florian Weimer
fweimer at redhat.com
Mon Mar 11 18:23:02 UTC 2024
* Skyler Ferrante:
> Hmm, maybe I'm missing something, but it seems you can close(fd) for
> the standard fds and then call execve, and the new process image will
> have no fd 0,1,2. I've tried this on a default Ubuntu 22.04 system.
> This seems to affect shadow-utils and other setuid/setgid binaries.
>
> Here is a repo I built for testing,
> https://github.com/skyler-ferrante/fd_omission/. What is the correct
> glibc behavior? Am I misunderstanding something?
If you run it under strace, it's not running SUID (in AT_SECURE mode).
I'm not saying we don't have bugs (although we do have some end-to-end
AT_SECURE tests in the testsuite, but probably not for this legacy
behavior), just that this approach to testing is questionable.
Thanks,
Florian
More information about the libbsd
mailing list