Conventional daemons

Rick Ace rick at nyit.UUCP
Wed May 7 00:14:32 AEST 1986


> > [Why do daemons open / as stdin/stdout/stderr?]
> > The real question was, why open anything? Surely there's
> > nothing functionally useful about opening stdin/stdout on
> > "/" and it could be a potential hazard if ported...
> 
> You have to open *something*, because innocently writing an error message
> to stderr could be a disaster if the program got 2 as the descriptor for
> an explicit open of some important file.  This is one way of subverting
> setuid programs, in fact.
> 
> Our daemons open /dev/null for stdin and stdout and a log file for stderr.
> -- 
> Support the International
> League For The Derision		Henry Spencer @ U of Toronto Zoology
> Of User-Friendliness!		{allegra,ihnp4,decvax,pyramid}!utzoo!henry

Yes, the arguments about having to open *something* are indeed true.
But, conceivably (not likely, I'll admit), someone might have removed
/dev/null.  If your daemons don't check for an error when they open it,
you'll wind up with file descriptors 0 and 1 unopened, and the same
setuid security bugs you're trying to avoid.

It's a solid bet, though, that if your daemon is executing with uid 0,
you'll be able to open "/" for reading.  Given that you want to open
something, "/" is at least as likely to exist as any other object
in the filesystem, so it's a good choice in that regard.  If the daemon
were accidentally to read from file descriptor 0 ("/") and make some
decisions based upon what it got, it could keep the system programmer
occupied for a while :-).

-----
Rick Ace
Computer Graphics Laboratory
New York Institute of Technology
Old Westbury, NY  11568
(516) 686-7644

{decvax,seismo}!philabs!nyit!rick
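
Added example, not part of the original post or either poster's code: a C sketch of the check discussed above, which fills any unallocated descriptor 0, 1 or 2 at daemon startup, tests the result of every open, and falls back to "/" when the preferred target is missing. The function names and the `sink` parameter are assumptions made for illustration.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* 1 if fd refers to an open file, 0 if the slot is unallocated. */
int fd_is_open(int fd)
{
    return fcntl(fd, F_GETFD) != -1 || errno != EBADF;
}

/* 1 if fd is open on a directory (what the "/" fallback leaves behind). */
int fd_is_dir(int fd)
{
    struct stat st;
    return fstat(fd, &st) == 0 && S_ISDIR(st.st_mode);
}

/*
 * Make sure descriptors 0, 1 and 2 are all allocated before the daemon
 * opens anything of its own. `sink` is the preferred target (normally
 * "/dev/null"); "/" is the fallback if it cannot be opened.
 * Returns 0 on success, -1 if a slot could not be filled.
 */
int ensure_std_fds(const char *sink)
{
    for (int fd = 0; fd <= 2; fd++) {
        if (fd_is_open(fd))
            continue;
        /* Slots below fd are open, so open() must hand back fd itself. */
        int got = open(sink, fd == 0 ? O_RDONLY : O_WRONLY);
        if (got == -1)
            got = open("/", O_RDONLY);   /* writes to it fail harmlessly */
        if (got == -1)
            return -1;                   /* caller must not continue */
        if (got != fd) {                 /* never trust an unexpected slot */
            close(got);
            return -1;
        }
    }
    return 0;
}

int main(void)
{
    /* Refuse to run rather than start with an unallocated 0, 1 or 2. */
    return ensure_std_fds("/dev/null") == 0 ? EXIT_SUCCESS : EXIT_FAILURE;
}
```

Calling this before any other open() means a later explicit open of an important file can never be handed descriptor 2.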


