Zsh Mailing List Archive
Messages sorted by: Reverse Date, Date, Thread, Author

Re: [PATCH2] Re: avoid closed stdin() in zle widgets



2017-06-12 14:34:49 +0000, Daniel Shahaf:
[...]
> Incompatible changes should be mentioned in NEWS or README.
[...]
> I'm not convinced that the change should be made.  Devil's advocate
> argues that this is a bug in dircolors(1), so (a) as an immediate
> workaround, people with a buggy dircolors(1) command should redirect
> stdin from /dev/null when invoking it, (b) those people should fix their
> dircolors(1) command to not assume fd 0 is open.
[...]

While I agree there's a bug in dircolors, closing stdin, stdout
or stderr is widely regarded as antisocial and bad practice
(a number of security vulnerabilities could be exploited in the
past by closing 0,1,2. glibc does reopen stdin on /dev/full and
stdout/stderr on /dev/null (apparently) when they are closed
when running in setid/setgid (AT_SECURE) executables to guard
against this type of abuse).

-- 
Stephane



Messages sorted by: Reverse Date, Date, Thread, Author