Date: Sun, 13 Oct 2002 18:41:27 +0300
From: Giorgos Keramidas <keramida@ceid.upatras.gr>
To: Ricardo Anguiano <anguiano@codesourcery.com>
Cc: Chris BeHanna <behanna@zbzoom.net>, FreeBSD Security <security@FreeBSD.ORG>
Subject: Re: access() is a security hole?
Message-ID: <20021013154127.GA2970@hades.hell.gr>
In-Reply-To: <m3r8exszf8.fsf@mordack.codesourcery.com>
References: <20021011094935.I86274-100000@topperwein.pennasoft.com> <m3r8exszf8.fsf@mordack.codesourcery.com>

On 2002-10-11 09:39, Ricardo Anguiano <anguiano@codesourcery.com> wrote:
> Chris BeHanna <behanna@zbzoom.net> writes:
> > On Fri, 11 Oct 2002, Bruce Evans wrote:
> > > Setuid programs should only use access() to check whether they will
> > > have permission after they set[ug]id() to the real [ug]id.  Non-setuid
> > > programs mostly don't need such checks.  They can just try the operation.
> >
> > Perhaps the way to avoid the race is to open the file, lock it,
> > and *then* call access(), then close the file or proceed based upon
> > the result.
>
> What's wrong with opening the file, then using fstat to check the
> properties of the file associated with the file descriptor?

Sometimes, just opening a `file' has interesting side-effects.  For
instance, opening a rewinding tape device will start the tape
rewinding process.  You might not want to cause such side-effects to
happen :-/

--
keramida@FreeBSD.org                    FreeBSD: The Power to Serve
FreeBSD 5.0-CURRENT #12: Thu Oct 10 21:08:38 EEST 2002
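
Added example, not part of the original message or of FreeBSD's code: one way to combine the two points in this thread, checking with lstat() before opening (so a device node is refused without being opened) and with fstat() on the descriptor afterwards (so the check applies to the object actually opened). The helper name `open_regular_checked` and the "regular files only" policy are assumptions made for illustration.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L   /* for O_NOFOLLOW and lstat() */
#endif
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <unistd.h>

/* open_regular_checked() is a hypothetical helper; "regular files only" is
 * an assumed policy. Returns a read-only fd, or -1 with errno set. */
int open_regular_checked(const char *path)
{
    struct stat before, after;

    /* 1. Inspect without opening: no device side effects (e.g. tape rewind). */
    if (lstat(path, &before) == -1)
        return -1;
    if (!S_ISREG(before.st_mode)) {   /* device, FIFO, symlink, directory */
        errno = EINVAL;
        return -1;
    }

    /* 2. O_NOFOLLOW refuses a symlink swapped in as the final component;
     *    O_NONBLOCK keeps open() from hanging if a FIFO was swapped in. */
    int fd = open(path, O_RDONLY | O_NOFOLLOW | O_NONBLOCK);
    if (fd == -1)
        return -1;

    /* 3. Check the opened object through the descriptor (race-free):
     *    it must be the same inode that step 1 examined. */
    if (fstat(fd, &after) == -1 || !S_ISREG(after.st_mode) ||
        after.st_dev != before.st_dev || after.st_ino != before.st_ino) {
        close(fd);
        errno = EINVAL;
        return -1;
    }
    return fd;   /* keep using fd from here on, never the path again */
}

int main(int argc, char **argv)
{
    if (argc != 2) { fprintf(stderr, "usage: %s path\n", argv[0]); return 2; }
    int fd = open_regular_checked(argv[1]);
    if (fd == -1) { perror(argv[1]); return 1; }
    printf("opened %s as a verified regular file\n", argv[1]);
    close(fd);
    return 0;
}
```

If the path is replaced between steps 1 and 2, the open() side effect can still occur; step 3 only guarantees the swap is detected and the descriptor is not used.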