Date:      Sat, 31 Mar 2001 13:55:38 -0600
From:      Mike Meyer <mwm@mired.org>
To:        Bill Moran <wmoran@iowna.com>
Cc:        questions@freebsd.org
Subject:   Re: access() system call
Message-ID:  <15046.13882.845275.101113@guru.mired.org>
In-Reply-To: <35769801@toto.iv>

Bill Moran <wmoran@iowna.com> types:
> This may be a question for -hackers, but I'll try here first.
> 
> In the man page for the access(2) syscall, it states "access() is a
> potential security hole and should never be used."
> 
> I have 3 questions regarding this:
> 
> 1. What should I use instead?

As others have indicated, stat.

> 2. Is there any more information on why access() is such a terrible
> security hole?

I'd say the following quote from the man page pretty much covers it:

     Even if a process has appropriate privileges and indicates success for
     X_OK, the file may not actually have execute permission bits set.
     Likewise for R_OK and W_OK.

One of the common uses for access is to check the privileges of the
real user in a program that has enhanced its privileges via set?id.
Since access can get this wrong, trusting it is a security hole. You
have to either check things yourself via stat (and don't forget to
check all the directories along the path as well), or surrender the
enhanced privileges before attempting the operation you're authorizing
with access. If you're not using enhanced privileges, then this isn't
a problem - just use access, and be prepared for things to fail.

> 3. Does not access(1) use access(2)? If so, that would make access(1) a
> security problem. Which is not documented in the man page (or anywhere
> else that I can find)

I'm not sure why it's relevant, but the sources to everything are
available.

	<mike

--
Mike Meyer <mwm@mired.org>			http://www.mired.org/home/mwm/
Independent WWW/Perforce/FreeBSD/Unix consultant, email for more information.

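Added example, not part of the original message: one way to "surrender the enhanced privileges before attempting the operation" in a set-uid or set-gid program, so that open() itself does the permission check as the real user and no separate access() call is needed. The helper name `open_as_real_user` is an assumption made for this sketch.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical helper (name is an assumption): open `path` with the real
 * user's credentials instead of calling access() and then open().  The
 * kernel checks every directory on the path and the file itself inside the
 * one open() call, so the answer cannot go stale before it is used.
 * Returns a descriptor, or -1 with errno set by open(). */
int open_as_real_user(const char *path, int flags)
{
    uid_t saved_euid = geteuid();
    gid_t saved_egid = getegid();
    int fd, saved_errno;

    /* Drop the group first: after the uid is dropped, setegid() may fail.
     * A process that cannot drop its privileges must not carry on. */
    if (setegid(getgid()) != 0 || seteuid(getuid()) != 0)
        abort();

    fd = open(path, flags);
    saved_errno = errno;

    /* Regain privileges in the reverse order; the saved set-user-ID and
     * set-group-ID make this possible.  Never continue half-switched. */
    if (seteuid(saved_euid) != 0 || setegid(saved_egid) != 0)
        abort();
    errno = saved_errno;
    return fd;
}

int main(int argc, char **argv)
{
    int fd;

    if (argc != 2)
        return 2;
    if ((fd = open_as_real_user(argv[1], O_RDONLY)) < 0) {
        perror(argv[1]);
        return 1;
    }
    printf("%s: readable by uid %d\n", argv[1], (int)getuid());
    return close(fd);
}
```

When the binary has no set-uid or set-gid bit, the real and effective IDs are equal and the switches change nothing.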