From owner-freebsd-security Sun Oct 13 8:41:27 2002
Date: Sun, 13 Oct 2002 18:41:27 +0300
From: Giorgos Keramidas
To: Ricardo Anguiano
Cc: Chris BeHanna, FreeBSD Security
Subject: Re: access() is a security hole?
Message-ID: <20021013154127.GA2970@hades.hell.gr>
References: <20021011094935.I86274-100000@topperwein.pennasoft.com>

On 2002-10-11 09:39, Ricardo Anguiano wrote:
> Chris BeHanna writes:
> > On Fri, 11 Oct 2002, Bruce Evans wrote:
> > > Setuid programs should only use access() to check whether they will
> > > have permission after they set[ug]id() to the real [ug]id. Non-setuid
> > > programs mostly don't need such checks. They can just try the operation.
> >
> > Perhaps the way to avoid the race is to open the file, lock it,
> > and *then* call access(), then close the file or proceed based upon
> > the result.
>
> What's wrong with opening the file, then using fstat to check the
> properties of the file associated with the file descriptor?

Sometimes, just opening a `file' has interesting side-effects. For
instance, opening a rewinding tape device will start the tape rewinding
process. You might not want to cause such side-effects to happen :-/

-- 
keramida@FreeBSD.org
FreeBSD: The Power to Serve
FreeBSD 5.0-CURRENT #12: Thu Oct 10 21:08:38 EEST 2002
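The thread above raises three points: access() followed by open() leaves a window in which the path can be swapped (the race), fstat() on the descriptor you actually hold is the check that cannot be fooled, and open() itself can have side effects on device nodes. The following C program is an added example written for this page, not code from the thread or from FreeBSD; the function names, the temporary paths and the self-test are the editor's own. It combines the three points: an advisory lstat() refuses anything that is not a regular file before open() is ever called (so a tape device or FIFO is never touched), open() uses O_NOFOLLOW and O_NONBLOCK so a symlink or special file planted in between cannot be followed or block the process, and fstat() on the resulting descriptor is the authoritative check, compared against the lstat() result to detect a swap. For Bruce Evans's point about setuid programs, the open is performed with the real uid in effect rather than predicted with access().

```c
#define _XOPEN_SOURCE 700
#define _DEFAULT_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Open PATH read-only only if it is a regular file and not a symlink.
 * lstat() screens out device nodes and FIFOs before open() can have a
 * side effect on them; fstat() on the descriptor we really got is the
 * authoritative check, and comparing dev/ino with the lstat() result
 * detects a swap of the path between the two calls.
 * Returns an fd, or -1 with errno set.  (Hypothetical helper.) */
int open_regular_nofollow(const char *path)
{
    struct stat before, after;

    if (lstat(path, &before) == -1)
        return -1;
    if (!S_ISREG(before.st_mode)) {
        errno = EPERM;              /* refuse without ever calling open() */
        return -1;
    }
    /* O_NOFOLLOW: fail instead of following a symlink planted meanwhile.
     * O_NONBLOCK: if a FIFO or device slipped through, do not hang. */
    int fd = open(path, O_RDONLY | O_NOFOLLOW | O_NONBLOCK | O_CLOEXEC);
    if (fd == -1)
        return -1;
    if (fstat(fd, &after) == -1) {
        int e = errno; close(fd); errno = e; return -1;
    }
    if (!S_ISREG(after.st_mode) ||
        after.st_dev != before.st_dev || after.st_ino != before.st_ino) {
        close(fd); errno = EPERM; return -1;   /* object changed under us */
    }
    int fl = fcntl(fd, F_GETFL);            /* now known regular: drop O_NONBLOCK */
    if (fl != -1)
        fcntl(fd, F_SETFL, fl & ~O_NONBLOCK);
    return fd;
}

/* For a set-user-ID program, ask "may the real user open this?" by doing
 * the open with the real uid in effect instead of predicting with access().
 * seteuid() is a no-op when the program is not setuid, so this also runs
 * unprivileged.  A setgid program would do the same with setegid(getgid()). */
int open_as_real_user(const char *path)
{
    uid_t saved = geteuid();
    if (seteuid(getuid()) == -1)
        return -1;
    int fd = open_regular_nofollow(path);
    int saved_errno = errno;
    if (seteuid(saved) == -1) {             /* cannot regain privilege: bail */
        if (fd != -1) close(fd);
        return -1;
    }
    errno = saved_errno;
    return fd;
}

/* Constructed self-test: a regular file, a FIFO and a symlink in a fresh
 * temporary directory.  Returns 0 when the helpers behave as described. */
int demo(void)
{
    char dir[] = "/tmp/accessdemoXXXXXX";
    if (mkdtemp(dir) == NULL) return 1;
    char reg[256], fifo[256], lnk[256];
    snprintf(reg, sizeof reg, "%s/regular", dir);
    snprintf(fifo, sizeof fifo, "%s/fifo", dir);
    snprintf(lnk, sizeof lnk, "%s/link", dir);
    int rc = 0;
    int fd = open(reg, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd == -1) { rmdir(dir); return 2; }
    close(fd);
    if (mkfifo(fifo, 0600) == -1) rc = 3;
    else if (symlink(reg, lnk) == -1) rc = 4;
    else {
        fd = open_as_real_user(reg);          /* regular file: succeeds */
        if (fd == -1) rc = 5; else close(fd);
        /* FIFO: refused by the lstat() screen; a plain open() would block */
        if (rc == 0 && open_as_real_user(fifo) != -1) rc = 6;
        /* symlink, even to a legitimate file: refused */
        if (rc == 0 && open_as_real_user(lnk) != -1) rc = 7;
    }
    unlink(reg); unlink(fifo); unlink(lnk); rmdir(dir);
    return rc;
}

int main(int argc, char **argv)
{
    if (argc > 1) {
        int fd = open_as_real_user(argv[1]);
        if (fd == -1) { perror(argv[1]); return 1; }
        printf("opened %s with real uid %u\n", argv[1], (unsigned)getuid());
        close(fd);
        return 0;
    }
    int rc = demo();
    printf("self-test: %s (%d)\n", rc == 0 ? "ok" : "FAILED", rc);
    return rc;
}
```

Run it with no arguments for the self-test, or with a path to see the decision for that path. The lstat() screen is only a courtesy that keeps open() away from special files; it is the fstat() comparison after open() that the security decision rests on, which is exactly the distinction Keramidas's tape example draws.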