Date: Sat, 29 May 1999 03:40:03 -0700 (PDT)
From: Bruce Evans <bde@zeta.org.au>
To: freebsd-bugs@FreeBSD.org
Subject: Re: kern/11915: access system call says file is readable when its not
Message-ID: <199905291040.DAA28916@freefall.freebsd.org>

The following reply was made to PR kern/11915; it has been noted by GNATS.

From: Bruce Evans <bde@zeta.org.au>
To: aron@cs.rice.edu, freebsd-gnats-submit@FreeBSD.ORG
Cc:
Subject: Re: kern/11915: access system call says file is readable when its not
Date: Sat, 29 May 1999 20:31:05 +1000

>>Description:
>If a user has a file that is owned and readable only by him, and he
>invokes a setuid executable (owned by some other user) that tries to
>read this file, then the access() system call says that the file is
>readable but when the file is opened for reading using fopen(), it fails.

access() is supposed to work like that. It checks that the real user
can access the file. Even if that's what you want, there may be races
between checking the access and doing the access, so using access() is
usually wrong. This is partly documented in the man page:

CAVEAT
     Access() is a potential security hole and should never be used.

Bruce