On Wed, 17 Oct 2007, Brandon S. Allbery KF8NH wrote: ... > Well, security folks (professional paranoids :) tend to consider > passing anything other than standard file descriptors to arbitrary > subprocesses to be a potential uncontrolled information leak. There > *are* times when you want to care about this, but in general there is > a tradeoff between secure and usable so most practical systems take > the middle road and make the programmer do fd swizzling by hand if > they need special behavior in either direction (either more or less > sharing, that is). (Early Unix, on the other hand, erred toward the > permissive/promiscuous, cf. your NetBSD source comparison.)
My source observations may have been ambiguous. Old NetBSD popen closed all fds, current NetBSD popen closes only popen fds. Donn Cave, [EMAIL PROTECTED] _______________________________________________ Haskell-Cafe mailing list Haskell-Cafe@haskell.org http://www.haskell.org/mailman/listinfo/haskell-cafe