I asked:
[csh/sh Scripts called from mailtool]
> The first 2.x Users reported that the Mail Processing dies with
> an Error Message along the Lines of "/dev/fd/3: cannot open", with
> proper Tracing showing a read-only open() returning ENOENT.
>
> These Days, a 2.x User reported back experiencing the same Error
> on *some* Hosts with the Bourne Version, too.
>
> Anyone able to clue me in?
Thanks to:
scott hollatz <shollatz@d.umn.edu> for responding
peter@ZIB-Berlin.DE (Klaus Peter) for actually doing Debugging
Unfortunately, this remains an open Problem. Fact is that as soon as a
setuid or setgid Executable tries to start a Shell Script, the respective
Shell *might* get told to execute /dev/fd/3 instead of the Script (an
excellent Hook for a Trojan Horse IMHO), and even if so, the correct
Script *might* get executed though $0 still reports /dev/fd/3 which has
no Correspondence whatsoever to the Script. SUN is looking into it.
I'm under the Impression that complete Failures are more likely to
occur when the respective Host doesn't have a full Range of /dev/fd/*
Devices.
As a Stop-Gap Measure, I adapted the Scripts to be runnable under ksh.
>From the 2.x plain Vanilla Shells I know (sh, csh, ksh - is there a
tcsh or zsh included as well?), csh seems to be most vulnerable and
ksh the least. (Repeat: Yes, different Shells on the same Host may pro-
duce different Results!)
Regards,
J. Bern
-- /\ /""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""\ / \/ bern@uni-trier.de (Size Limit!) | P.O. Box 1203 | Ham: \/\ / J. \ bern@ti.uni-trier.de (SUNAttachm.OK) | D-54202 Trier | DD0KZ / \ \Bern/ No Finger etc.; Use Mail (Subj. "##" for Autoreply List) and \ / \ /\ WWW. /\/ \/ \____________________________________________________________/
This archive was generated by hypermail 2.1.2 : Fri Sep 28 2001 - 23:10:33 CDT