Skip site navigation (1)Skip section navigation (2) 
Date:      Fri, 28 May 1999 11:09:57 -0700 (PDT)
From:      aron@cs.rice.edu
To:        freebsd-gnats-submit@freebsd.org
Subject:   kern/11915: access system call says file is readable when its not
Message-ID:  <19990528180957.D86E3151E1@hub.freebsd.org>
next in thread | raw e-mail | index | archive | help 

>Number:         11915
>Category:       kern
>Synopsis:       access system call says file is readable when its not
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Fri May 28 11:10:01 PDT 1999
>Closed-Date:
>Last-Modified:
>Originator:     Mohit Aron
>Release:        FreeBSD-3.2 Release
>Organization:
Rice University
>Environment:
FreeBSD luzern.cs.rice.edu 3.2-RELEASE FreeBSD 3.2-RELEASE #1: Wed May 26 18:02:08 CDT 1999     aron@luzern.cs.rice.edu:/usr/src/sys/compile/LUZERN  i386
>Description:
If a user has a file that is owned and readable only by him, and he
invokes a setuid executable (owned by some other user) that tries to
read this file, then the access() system call says that the file is
readable but when the file is opened for reading using fopen(), it fails.

>How-To-Repeat:
1) Create a file "foo" that's owned and is readable only by the current
   user (say X).
2) Compile the following C program and make the executable's owner to 
    be some other user (say Y) and turn on the setuid bit on the
    executable.
----------------------------- Cut Here ---------------------------------
#include <stdio.h>
#include <unistd.h>


main()
{
        FILE *fp;
        char *fname = "foo";


        if (!access(fname, R_OK)) {
                printf("access successful\n");
                fp = fopen(fname, "r");
                if (fp == NULL) {
                        printf("but fopen failed\n");
                }
        }
         
         
         
        return 0;
}
----------------------------- Cut Here ---------------------------------

3) Finally run the executable obtained above as user X. Notice how
   access is successful but an fopen() fails.

>Fix:


>Release-Note:
>Audit-Trail:
>Unformatted:


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-bugs" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?19990528180957.D86E3151E1>