From: utzoo!decvax!duke!unc!mcnc!rti!trt
Newsgroups: net.unix-wizards
Title: Re: More on SUID and exec
Article-I.D.: rti.1016
Posted: Mon Feb 14 11:59:49 1983
Received: Wed Feb 16 06:10:43 1983
References: mitccc.309

FIOCLEX provides a simple way to ensure that sensitive files are not passed along to unscrupulous programs. For example, consider an SUID game program that opens a "secret" file and permits the player to "!sh". It may carefully revert uid/gid, but if it does not close the restricted file, well, it is not a restricted file, is it? Steve Bellovin noticed this danger some years back and recommended liberal use of FIOCLEX as the cure.

A+ news has a local version of fopen(III), something like:

	#include <stdio.h>
	#include <sys/ioctl.h>	/* FIOCLEX (in sgtty.h on V7) */

	FILE *
	xfopen(file, mode)
	char *file, *mode;
	{
		FILE *fp;

		if ((fp = fopen(file, mode)) == NULL) {
			perror(file);	/* it didn't work */
			return(NULL);
		}
		/* mark the descriptor close-on-exec so it does not survive an exec(II) */
		ioctl(fileno(fp), FIOCLEX, NULL);
		return(fp);
	}

Alternatively, one can keep a list of file descriptors which must be closed prior to an exec(II). I prefer the ioctl.

FIONCLEX undoes FIOCLEX, and is probably just for completeness. It can be simulated with dup(II) and close(II). I could find no use of FIONCLEX in all of /usr/src/cmd.

	Tom Truscott

P.S. Perhaps FIOCLEX should be the default when a file is opened. A few programs such as init/getty/login/sh would then need to use FIONCLEX.
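As an added example (not part of Tom's post): a small program that shows the leak the post describes and the FIOCLEX cure side by side. A pipe holding constructed text stands in for the game's "secret" file, and a child shell stands in for "!sh"; the function reports whether the exec'd shell could still read the inherited descriptor. The name secret_leaks_across_exec is assumed here, not from the post.

```c
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <sys/ioctl.h>
#include <sys/wait.h>

/* A pipe holding constructed text stands in for the game's "secret" file;
 * returns the read end, with no close-on-exec flag set (like open(II)). */
static int open_secret(void)
{
    int p[2];
    const char text[] = "constructed secret\n";
    if (pipe(p) < 0) { perror("pipe"); exit(1); }
    (void)write(p[1], text, sizeof text - 1);
    close(p[1]);                /* reader sees EOF after the text */
    return p[0];
}

/* Returns 1 if a program exec'd after the open can still read the
 * descriptor, 0 if it was closed across exec(II).  With mark_cloexec
 * nonzero the fd is marked FIOCLEX first, as xfopen in the post does
 * (fcntl(fd, F_SETFD, FD_CLOEXEC) is the equivalent on current systems). */
int secret_leaks_across_exec(int mark_cloexec)
{
    int fd = open_secret();
    char cmd[64];
    pid_t pid;
    int status;

    if (mark_cloexec)
        ioctl(fd, FIOCLEX, NULL);
    /* The child plays "!sh": it tries to read the inherited descriptor. */
    snprintf(cmd, sizeof cmd, "cat <&%d", fd);
    pid = fork();
    if (pid < 0) { perror("fork"); exit(1); }
    if (pid == 0) {
        execl("/bin/sh", "sh", "-c", cmd, (char *)NULL);
        _exit(127);
    }
    waitpid(pid, &status, 0);
    close(fd);
    return WIFEXITED(status) && WEXITSTATUS(status) == 0;
}

int main(void)
{
    printf("plain open:   leaks=%d\n", secret_leaks_across_exec(0));
    printf("with FIOCLEX: leaks=%d\n", secret_leaks_across_exec(1));
    return 0;
}
```

In the plain case the child shell prints the constructed secret and the function returns 1; with FIOCLEX the shell's redirection fails with "Bad file descriptor" and it returns 0.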