Paul Eggert <[EMAIL PROTECTED]> wrote: > Jim Meyering <[EMAIL PROTECTED]> writes: > >> how can setting the controlling terminal cause trouble if we're >> guaranteed never to read from or write to the corresponding file >> descriptor. > > Once the terminal controls you, someone typing Control-C on that > terminal can send you a signal, even if you're not reading or writing > to the corresponding file descriptor. On hosts where O_NOCTTY is > significant, and which do not support O_DIRECTORY (Solaris, for > example), this can cause an attacker to kill a seemingly-unrelated > directory-traversal process.
Ahh.. Thanks for explaining. So O_NOCTTY is definitely worthwhile, if only to avoid exposure for the time between an open and close of /dev/tty, assuming the process in question already had no controlling terminal. Right? _______________________________________________ Bug-coreutils mailing list Bug-coreutils@gnu.org http://lists.gnu.org/mailman/listinfo/bug-coreutils
