[Bug 3547] shell read is maybe too safe
dalias at aerifal.cx
Mon May 9 18:46:03 UTC 2011
On Mon, May 09, 2011 at 03:28:15PM +0200, Harald Becker wrote:
> I highly agree to this. It at least was the way it has been handled in
> bash (at the time I dig deep into bash code, >10 years ago). Don't know
> if this type of fd protection is still in there. Older shells even
> limited user fds to the single (or two) digit range (that is 0..9 or
> 0..99). Any user access to fds not bound to that range got rejected.
> Internal fds got moved to higher fd numbers (10+ or 100+, older bash
> used 128+). So that is definitly not only an idea, it is well known
> shell practice to protect pipe and other internal shell fds from
> unwanted user access.
Instead you could dynamically reassign your internal-use file
descriptors to work around whatever the script is opening... It would
be a pain, but certainly feasible. Perhaps bash does this now..?
More information about the busybox