Concerning possible bugs in the 'inn' package

Forrest J. Cavalier III forrest at mibsoftware.com
Fri Sep 2 21:06:04 UTC 2005


Russ Allbery wrote:

> 
> This problem only has security implications if one of the first three file
> descriptors is closed, yes?  Isn't there a way to determine whether a file
> descriptor is open or closed?

Not that I know of, but you are more aware of platform variations and portability
than I am.  I am always asked to be writing code that runs on Windows and
*nix without changes, which is not the same kind of awareness.

What about checking the return value of open(), and repeating until you get fds above
the range considered unsafe.  I don't know if that is a comon way to do it.



More information about the inn-bugs mailing list