Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP Posting-Version: version B 2.10.2 9/18/84; site brl-tgr.ARPA Path: utzoo!watmath!clyde!burl!ulysses!allegra!bellcore!decvax!genrad!teddy!panda!talcott!harvard!seismo!brl-tgr!tgr!ron@BRL-TGR From: Ron NatalieNewsgroups: net.unix-wizards Subject: Re: unexpected alarms Message-ID: <7175@brl-tgr.ARPA> Date: Thu, 10-Jan-85 13:12:02 EST Article-I.D.: brl-tgr.7175 Posted: Thu Jan 10 13:12:02 1985 Date-Received: Sun, 13-Jan-85 07:39:43 EST Sender: news@brl-tgr.ARPA Organization: Ballistic Research Lab Lines: 15 All the manuals I have indicate that alarms are supposed to continue accross execs. This is just an example of people who are writing set-uid code not taking the time to think things out. Set-UID programs just have to be written more robustly than non-setuid programs because of the implications. For example: a few years ago, I managed to blow away /etc/passwd by closing down file descriptor 1 before execing "passwd." It opens up /etc/passwd (coincidentally on file 1) and then starts printing stuff on stdout, which is /etc/passwd. Now I don't see anyone advocating changing it so setuid programs must return numbers greater than 2 from open. System Programmers Must Be Careful. -Ron Let the air out of your shoes and relax.