On Wed, 17 Oct 2007, Brandon S. Allbery KF8NH wrote:
...
> Well, security folks (professional paranoids :) tend to consider
> passing anything other than standard file descriptors to arbitrary
> subprocesses to be a potential uncontrolled information leak. There
> *are* times when you want to care about this, but in general there is
> a tradeoff between secure and usable so most practical systems take
> the middle road and make the programmer do fd swizzling by hand if
> they need special behavior in either direction (either more or less
> sharing, that is). (Early Unix, on the other hand, erred toward the
> permissive/promiscuous, cf. your NetBSD source comparison.)
My source observations may have been ambiguous. Old NetBSD popen
closed all fds, current NetBSD popen closes only popen fds.
Donn Cave, [EMAIL PROTECTED]
_______________________________________________
Haskell-Cafe mailing list
[email protected]
http://www.haskell.org/mailman/listinfo/haskell-cafe
