I have an awk script that uses stdout to write to a file and /dev/fd/3 to write a status message about what happened during the run.
When I invoke awk with sudo, it fails because sudo closes all the file descriptors above 2. I know that I can configure sudo with the closefrom_override option and then use sudo -c4 ... so that it won't close the /dev/fd/3.
My question is what risk is sudo protecting us from by closing all but the standard file descriptors? How would it be exploited? I need to know so that I can decide if it is acceptable for my server to use the closefrom_override option.
--BobG
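
The behaviour described in the question can be reproduced without sudo. The following is an added example, not part of the original post: the awk program, sample input and function names are constructed, and closing descriptor 3 with `3>&-` stands in for sudo closing descriptors above 2. `open_fds` lists which descriptors a child started from the current shell would inherit.

```shell
#!/bin/sh
# Added example (constructed): awk writes data to stdout and a status line
# to /dev/fd/3. No sudo is invoked; closing fd 3 with 3>&- stands in for the
# descriptor closing the post describes.

AWK_PROG='{ n++; print toupper($0) }
END { printf "processed %d lines\n", n > "/dev/fd/3" }'

# fd 3 open on a status file: awk can write its status message.
# $1 = data file, $2 = status file
run_inherited() {
    printf 'alpha\nbeta\n' | awk "$AWK_PROG" >"$1" 3>"$2"
}

# fd 3 closed before awk starts: opening /dev/fd/3 fails inside awk.
# $1 = data file; awk's error text is discarded, its exit status is returned.
run_closed() {
    printf 'alpha\nbeta\n' | awk "$AWK_PROG" >"$1" 2>/dev/null 3>&-
}

# Print the descriptors 3..9 that are open in this shell, one per line.
# These are the ones a child process would inherit.
open_fds() {
    for n in 3 4 5 6 7 8 9; do
        if [ -e "/dev/fd/$n" ]; then echo "$n"; fi
    done
}

demo() {
    dir=$(mktemp -d) || return 1
    run_inherited "$dir/data" "$dir/status"
    echo "inherited: status file says: $(cat "$dir/status")"
    if run_closed "$dir/data2"; then
        echo "closed: awk succeeded (unexpected)"
    else
        echo "closed: awk failed, status message lost"
    fi
    echo "descriptors above 2 open in this shell: $(open_fds | tr '\n' ' ')"
    rm -rf "$dir"
}
demo
```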