chris@umcp-cs.UUCP (Chris Torek) (06/20/85)
This would appear to give write access to read-only files. What happens if I say cat </tmp/foo >/dev/stdin as root? -- In-Real-Life: Chris Torek, Univ of MD Comp Sci Dept (+1 301 454 4251) UUCP: seismo!umcp-cs!chris CSNet: chris@umcp-cs ARPA: chris@maryland
ark@alice.UUCP (Andrew Koenig) (06/21/85)
> This would appear to give write access to read-only files. > What happens if I say > cat </tmp/foo >/dev/stdin > as root? If you are root, you already have write access to read-only files. If not root, cat </etc/passwd >/dev/stdin elicits the error message: cat: output - is input whereas: cat >/dev/stdin </etc/passwd prints the password file on my terminal. This behavior appears a little less mysterious when you realize that (a) the standard input is normally connected to the terminal and is opened for both input and output, and (b) the Shell processes redirection requests one at a time from left to right. Thus in the first case, the Shell first opens /etc/passwd as file descriptor 1, then opens its standard output as dup(1), which results in both file descriptors being connected to the same file, which cat detects. In the second case, the Shell connects the standard output to dup(1) and then (re-) opens the standard input.
chris@umcp-cs.UUCP (Chris Torek) (06/22/85)
Darn! I was hoping I edited that in time, but apparently not. The posted /dev/stdin appears to give root write access to directories as well as files. (Try "od -c </tmp >/dev/stdin".) Also, it doesn't deal with opening /dev/stdin when fd 0 is not already open (gets you a dup of /dev/stdin, which you didn't have open; not sure what the consequences are but they probably aren't good.) -- In-Real-Life: Chris Torek, Univ of MD Comp Sci Dept (+1 301 454 4251) UUCP: seismo!umcp-cs!chris CSNet: chris@umcp-cs ARPA: chris@maryland