[Full-disclosure] Multiple OS kernel insecure handling of stdio file descriptor

eugeny gladkih john at drweb.com
Sat Jan 20 17:43:33 GMT 2007


>>>>> "SP" == Shiva Persaud <shivapd at austin.ibm.com> writes:

 >> XFOCUS team (http://www.xfocus.org/)  had discovered Multiple OS kernel
 >> insecure handling of stdio file descriptor.
 >> 
 >> ===================
 >> Affected OS Version
 >> 
 >> AIX 5.3

 SP> The AIX Security Team can be reached at security-alert at austin.ibm.com.

 SP> We have investigated this issue and AIX is not affected. A privileged
 SP> process will not inherit closed file descriptors for stdio, stdout and
 SP> stderr.

Well, but what is used for stdout if it's closed in the parent
process just before the fork(2) call?!

-- 
Yours sincerely, Eugeny.
Doctor Web, Ltd. http://www.drweb.com
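
The case raised in the reply above, as an added example that is not part of the original post or of any vendor's code: a child that starts with stdout closed gets descriptor 1 from its next open(), and re-opening any closed descriptor among 0, 1, 2 on /dev/null at startup prevents that. The function names are hypothetical, and /dev/null stands in for a file the program would open for its own use.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <sys/wait.h>
#include <unistd.h>

/* 1 if fd is an open descriptor, 0 if it is closed (EBADF). */
int fd_is_open(int fd) {
    return fcntl(fd, F_GETFD) != -1 || errno != EBADF;
}

/* Point each closed fd among 0-2 at /dev/null; returns repairs or -1. */
int sanitize_stdio(void) {
    int repaired = 0;
    for (int fd = 0; fd <= 2; fd++) {
        if (fd_is_open(fd)) continue;
        /* open() returns the lowest free number: fd, since all below are open. */
        int nfd = open("/dev/null", fd == 0 ? O_RDONLY : O_WRONLY);
        if (nfd != fd) {
            if (nfd != -1) close(nfd);
            return -1;
        }
        repaired++;
    }
    return repaired;
}

/* Child runs with stdout closed, as if the parent closed it just before
 * fork(2). Returns the number the child's next open() receives. */
int fd_after_closed_stdout(int harden) {
    pid_t pid = fork();
    if (pid == -1) return -1;
    if (pid == 0) {
        close(STDOUT_FILENO);
        if (harden && sanitize_stdio() == -1) _exit(255);
        /* Constructed stand-in for a file the program opens for itself. */
        int fd = open("/dev/null", O_WRONLY);
        _exit(fd == -1 ? 255 : fd);
    }
    int status;
    if (waitpid(pid, &status, 0) == -1 || !WIFEXITED(status)) return -1;
    return WEXITSTATUS(status);
}

int main(void) {
    printf("unhardened: next open() got fd %d\n", fd_after_closed_stdout(0));
    printf("hardened:   next open() got fd %d\n", fd_after_closed_stdout(1));
    return 0;
}
```

Without the startup check, anything the program later writes to stdout lands in whatever file took descriptor 1.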




Full-Disclosure is hosted and sponsored by Secunia.