Lists

Open Menu Close Menu

Terms and Conditions
Lists hosted on this site
Email the Postmaster
Tips for posting to public mailing lists

Re: /dev/null and execve()

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: /dev/null and execve()

Subject: Re: /dev/null and execve()
From: Terry Lambert <email@hidden>
Date: Tue, 22 May 2007 15:43:34 -0700

On May 21, 2007, at 10:16 PM, Todd Heberlein wrote:

I apologize if this is a bonehead question, but why is the Mac doing an execve() on "/dev/null"?
Here is the BSM audit record from a PowerPC showing the execve:
header,123,1,execve(2),0,Mon May 21 09:30:23 2007, + 431 msec path,/dev/null path,/dev/null attribute,20666,root,wheel,46807492,0,50331650 subject,heberlei,heberlei,staff,heberlei,staff, 452,384,50331650,0.0.0.0 return,success,0 trailer,123

It's not executing it, it's opening /dev/null so that fd's 0, 1, and 2 are allocated for you, in case you are running an SUID program and forgot to be as careful with your coding as you should have been.

If you look at the Darwin sources, you will see this happening in xnu.bsd/kern_exec.c in the function exec_handle_sugid().

-- Terry
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Darwin-kernel mailing list      (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden



References:  
  >(no subject) (From: Todd Heberlein <email@hidden>)




Prev by Date:
Re: System.framework/PrivateHeaders

Next by Date:
Re: System.framework/PrivateHeaders

Previous by thread:
(no subject)

Next by thread:
System.framework/PrivateHeaders

Index(es):

Date
Thread