=================================================================== RCS file: /cvsrepo/anoncvs/cvs/www/Attic/porting.html,v retrieving revision 1.11 retrieving revision 1.12 diff -u -r1.11 -r1.12 --- www/Attic/porting.html 1998/08/18 02:49:25 1.11 +++ www/Attic/porting.html 1998/08/18 02:53:36 1.12 @@ -108,9 +108,10 @@ a valid shell script, a syntax error message would follow, along with the first line of the offending file, without any further permission check. Pretty handy to grab the first line of a shadow passwd file, considering - these often start with root entry. Once again, don't trust filenames: - open your file, and do an fstat on the open descriptor to - check the actual rights. + these often start with root entry. Do not open your file, and then do + an fstat on the open descriptor to check if you should have + been able to open it (or the attacked will play with /dev/rst0 and rewind + your tape) -- open it with the correct uid/gid/grouplist set.
  • Don't use anything that forks a shell in setuid programs before dropping your privileges. This includes popen and system. @@ -298,6 +299,6 @@
    OpenBSD www@openbsd.org -
    $OpenBSD: porting.html,v 1.11 1998/08/18 02:49:25 millert Exp $ +
    $OpenBSD: porting.html,v 1.12 1998/08/18 02:53:36 deraadt Exp $
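Review bot: In the first hunk (@@ -108,9 +108,10 @@), the added parenthetical says "the attacked will play with /dev/rst0", which should read "the attacker". The new sentence "Do not open your file, and then do an fstat ..." is also easy to misread as "do not open the file at all"; something like "Do not open the file first and check afterwards with fstat" would be clearer. It should also state the reason directly: opening a device such as /dev/rst0 already has a side effect (the tape rewinds) before any check on the descriptor can run. The closing instruction "open it with the correct uid/gid/grouplist set" does not say how to get into that state. A short pointer to switching to the invoking user's uid, gid and group list before the open call would make the advice actionable. It would also tie in with the next list item about dropping privileges before popen and system.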