Re: proposal: all daemons should chdir / on startup
Guy Maor writes:
> I don't think it's the policy document's job to teach people how to do
> Unix system programming.
Agreed. A pointer to Stevens (or better yet, an online tutorial which also
covered switching between uids) wouldn't hurt, though.
> Lack of a setsid() doesn't necessarily imply that there's a bug.
> There are other, more complicated, ways to make sure that you don't
> have a controlling terminal, but unless you care about ancient Unixes
> I wouldn't worry about them.
Doesn't being in a process group also affect signals? What if attacker
forks until it gets pid==sid_of_target_which_forgot_setsid and calls
setsid() and kill(pid_of_target)? I tried reading kernel sources, but got
lost.
> Startup code for a daemon would usually look something like (naturally
> you would have to add error checking):
>
>     if (fork() != 0)    /* parent exits; the child carries on as the daemon */
>         exit(0);
>     setsid();
>     chdir("/");
>     umask(0);
>     for (i=0; i<sysconf(_SC_OPEN_MAX); i++)
>         close(i);
    open("/dev/null", O_RDWR);
    open("/dev/null", O_RDWR);
    open("/dev/null", O_RDWR);
for fake std{in,out,err}
-Topi
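
The startup sequence discussed in this thread, written out with error checking, as an added example that is not code from either poster. The function names, the 65536 descriptor cap and the self-check are assumptions made for illustration.

```c
#include <fcntl.h>
#include <sys/stat.h>
#include <sys/wait.h>
#include <unistd.h>

/* Child-side steps after fork(). Returns 0 on success, -1 on error. */
int detach_session(void)
{
    long maxfd = sysconf(_SC_OPEN_MAX);
    if (maxfd < 0 || maxfd > 65536)
        maxfd = 65536;          /* assumption: cap for unknown or huge limits */
    /* setsid() fails if the caller is already a process group leader. */
    if (setsid() == (pid_t)-1 || chdir("/") != 0)
        return -1;
    umask(0);
    for (long fd = 0; fd < maxfd; fd++)
        close(fd);              /* EBADF on unopened descriptors is expected */
    /* open() returns the lowest free descriptor, so these must be 0, 1, 2. */
    for (int want = 0; want <= 2; want++)
        if (open("/dev/null", O_RDWR) != want)
            return -1;
    return 0;
}

/* Parent exits, child continues detached. Returns only in the child. */
int daemonize(void)
{
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid > 0)
        _exit(0);
    return detach_session();
}

/* Hypothetical self-check: run the steps in a forked child, report via exit status. */
int daemon_selfcheck(void)
{
    int status;
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0)   /* child: new session leader, fds 0-2 open, fd 3 closed */
        _exit((detach_session() == 0 && getsid(0) == getpid() &&
               fcntl(2, F_GETFL) != -1 && fcntl(3, F_GETFL) == -1) ? 0 : 1);
    if (waitpid(pid, &status, 0) != pid || !WIFEXITED(status))
        return -1;
    return WEXITSTATUS(status);
}
int main(void) { return daemon_selfcheck(); }  /* a real daemon calls daemonize() */
```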