So therefore, to
summarize this lesson. Know what's inherited, and
what you want inherited. Should the files be closed
when sub process begins? If yes, use the CLO exec or whatever variant
of that your system has. Also watch the umask. If the umask is set to zero, that means whatever the mask the programmer
gives to that file, that's the one it's going to use. Here's why it's so bad. When the system dumps core, when the program dumps core, the core file on many systems is created
as word readable, and writable, and executable. So that's why you want to have the umask at least for root B077. So, root can read, write, and execute things. But no one else can by default. What happens if you don't, well it was a very
famous instance, where someone found
a bug that would crash an FTP program, and
would dump core. So, what they did was they
went in, and crashed it. Then the FTP out the core file. Now, they should not have
been able to read it, but the umask on
this system was zero, and the core file was
created mode 666, which allowed anyone
to read and write it. So they pulled over the core
file, started analyzing it, and found a large number
of password hashes, that they could then use to
start guessing passwords. The second thing is,
an environment is far more than just
environment variables. It also involves privileges, it involves signal
handling, and so forth. By default, the child inherits the signal handlers
of the parent. So, you want to reset
the signals to the default, unless you want them to be handled the way
the parent handled them. The third thing is to check
your names very carefully. They may embody assumptions you normally don't worry about. But since it's
a privileged program, you are going to worry about it.