Yes. It definitely is. And it actually also solves the second problem,
contrary to what I said before. If the "standard" fds get "sanitised"
this way, then nullfd gets the 0 fd and the socket can definitely not
get it afterwards. I don't know what got mixed up in my mind :-(

Please accept my humble apologies.

Nevertheless, this had to be corrected, and it now is.

Thanks.


> This is better:
>
> Index: misc.c
> ================================================== =================
> RCS file: /cvs/src/usr.bin/ssh/misc.c,v
> retrieving revision 1.40
> diff -u -p -r1.40 misc.c
> --- misc.c 2 Jan 2006 07:53:44 -0000 1.40
> +++ misc.c 5 Jan 2006 04:23:44 -0000
> @@ -601,18 +601,20 @@ tun_open(int tun, int mode)
> void
> sanitise_stdfd(void)
> {
> - int nullfd;
> + int nullfd, dupfd;
>
> - if ((nullfd = open(_PATH_DEVNULL, O_RDWR)) == -1) {
> + if ((nullfd = dupfd = open(_PATH_DEVNULL, O_RDWR)) == -1) {
> fprintf(stderr, "Couldn't open /dev/null: %s", strerror(errno));
> exit(1);
> }
> - while (nullfd < 2) {
> - if (dup2(nullfd, nullfd + 1) == -1) {
> + while (++dupfd <= 2) {
> + /* Only clobber closed fds */
> + if (fcntl(dupfd, F_GETFL, 0) >= 0)
> + continue;
> + if (dup2(nullfd, dupfd) == -1) {
> fprintf(stderr, "dup2: %s", strerror(errno));
> exit(1);
> }
> - nullfd++;
> }
> if (nullfd > 2)
> close(nullfd);
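
Review bot: the new check `if (fcntl(dupfd, F_GETFL, 0) >= 0) continue;` treats every fcntl failure as "descriptor is closed", so dup2 runs over dupfd on any error. Testing explicitly for -1 with errno == EBADF would state the intent and leave the descriptor alone on an unexpected failure. Separately, the condition `(nullfd = dupfd = open(_PATH_DEVNULL, O_RDWR)) == -1` followed by `while (++dupfd <= 2)` is dense: a short comment saying that descriptors below nullfd are already open (open returned the lowest free one) and that only nullfd+1 through 2 are examined would help the next reader. Both fprintf calls in the context lines also lack a trailing "\n", which could be fixed while touching this function.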


_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@mindrot.org
http://www.mindrot.org/mailman/listi...enssh-unix-dev